400 Bad Request on client_credentials request, but only in production!

Hey everyone,

Not sure exactly why this is happening but figured I’d poke the forum

$url = "https://id.twitch.tv/oauth2/token?client_id=".AppInfo::$Apps['Twitch']->ClientID."&client_secret=".AppInfo::$Apps['Twitch']->ClientSecret."&grant_type=client_credentials";

$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

$data = curl_exec($ch);
curl_close($ch);

if(!$decodedTwitchData = json_decode($data, true))
{
    var_dump($url);
    throw new Exception("Empty or invlaid return data: {$data}");
}

When I test this locally in my dev environment, everything works peachy-keen

However, when I run the exact same script, with the exact same client-id and client-secret, it returns this

Just seems no matter what I attempt to do, doesn’t work. I even tried adding the url to the script in the redirect list for the app registered inside my twitch dev account.

But again, it works perfectly fine in my script when run locally. And in Postman for that matter.

Any thoughts?

First off you probably want to do something more like

Which will handle things and test responses more gracefully.

As the the 400, not sure whats going on here. as this endpoint should always return JSON.
I don’t see anything wrong with your code.

This could suggests there is a problem between you and Twitch on production.
Either a firewall or other system.
Or you have having a residual issue from yesterdsays fastly outage. Since fastly will sit in from of the API.
And/or your production provided is having a bad day with routing.

Hi Barry, thank you for reaching out

Utterly bizzare honestly, but I did manage to fix it, by simply moving the query string params to postfields

That’s it.

But according to the documentation, the query string params are not only supposed to work, thats the example the docs give.

But I noticed in a previous post of your’s from 2020, that you mentioned that sending the query string and postfields works: Getting a token: 400 Bad Request - #2 by BarryCarlyon

So I gave that a shot, and… success :man_shrugging:

$url = "https://id.twitch.tv/oauth2/token";
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, [
    'client_id' => AppInfo::$Apps['Twitch']->ClientID,
    'client_secret' => AppInfo::$Apps['Twitch']->ClientSecret,
    'grant_type' => 'client_credentials'
]);

$data = curl_exec($ch);
curl_close($ch);

if(!$decodedTwitchData = json_decode($data, true))
{
    throw new Exception("Empty or invlaid return data: {$data}");
}

Yeah both are supported.

And I tested both befotre I originally replied…

So not sure whats up for you