400 grant_type malformed on refresh

Qibbi · February 16, 2018, 5:58pm

I’m trying to refresh my token in my c# application but I get an error 400 with

"{\"error\":\"Bad Request\",\"status\":400,\"message\":\"The parameter \\\"grant_type\\\" was malformed: value must be one of \\\"authorization_code\\\", \\\"password\\\"\"}"

back
The way I am doing the request is the same as getting the first authorization.
The code I’m using:

    private bool Reauthorize(string token, out string oicf, out string id)
    {
        WebRequest request = WebRequest.Create("https://api.twitch.tv/api/oauth2/token");
        request.Method = "POST";
        request.ContentType = "application/x-www-form-urlencoded";
        byte[] buffer = Encoding.ASCII.GetBytes($"grant_type=refresh_token&client_id=dhpfs0eg1zy0u0dbp3mc90pa3px2dr&refresh_token={token}&client_secret=");
        byte[] scrtBuffer = ProtectedData.Unprotect(GetSecret(), new byte[] { 0, 1, 9, 2, 8, 3, 7, 4, 7, 5, 6, 3, 2 }, DataProtectionScope.CurrentUser);
        request.ContentLength = buffer.Length + scrtBuffer.Length;
        using (Stream requestStream = request.GetRequestStream())
        {
            requestStream.Write(buffer, 0, buffer.Length);
            requestStream.Write(scrtBuffer, 0, scrtBuffer.Length);
            requestStream.Flush();
            Array.Clear(scrtBuffer, 0, scrtBuffer.Length);
        }
        WebResponse response = request.GetResponse();

BarryCarlyon · February 16, 2018, 6:09pm

Should be:

WebRequest request = WebRequest.Create(“https://api.twitch.tv/kraken/oauth2/token”);

According to: https://dev.twitch.tv/docs/authentication#refreshing-access-tokens

To refresh, use this request:

curl -X POST https://api.twitch.tv/kraken/oauth2/token 
--data-urlencode
?grant_type=refresh_token
&refresh_token=<your refresh token>
&client_id=<your client ID>
&client_secret=<your client secret>

Qibbi · February 16, 2018, 6:28pm

I missed that, thanks! Still don’t get why they use two different endpoints which are named the same but reside in different directories.

3ventic · February 16, 2018, 6:29pm

As a general advice, HttpClient instead of WebRequest

Qibbi · February 16, 2018, 6:41pm

HttpClient uses strings, I like my sensitive data to not stay in memory for a random amount of time until the garbage collector decides it’s time to clean them up. (see the way the client_secret is handled).
If I’d done that I could just save it in plain text…

3ventic · February 17, 2018, 12:28am

StreamContent is the answer. No strings attached.

system · March 19, 2018, 12:28am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.