"403 invalid client secret" when refreshing access token

I generated a access token via OAuth authorization code flow. So i wanted to implement a refresh of a token when the app starts (it’s meant to run for a long time uninterrupted).
When I post the url, I get the response
403: Invalid client secret
I went to the developer dashboard, generated a new secret, went through the entire auth flow again to verify I didn’t do anything wrong there but I get the same result.
My code to get the new tokens via request:

return request({
	baseUrl: 'https://id.twitch.tv/oauth2/token' + 
			'?grant_type=refresh_token' +
			'&refresh_token=' + refreshtoken + 
			'&client_id=' + clientID +
			'&client_secret=' + clientSecret,
	url: 'channel',
	method: 'POST',
	json: true
}, 
(err, { statusCode }, body) => {
	if(err) console.log(err);
	else if(statusCode !== 200){
		console.log({ statusCode, body });
	} 
	else{
		// do stuff with tokens
	} 
});

I didn’t find anything on the forums here so maybe you guys can help me out.

Is wrong, you are adding “channel” to the end of “clientsecret”

“url” is appended to “baseUrl”

You’ve messed up how request works.

   request({
	url: 'https://id.twitch.tv/oauth2/token' + 
			'?grant_type=refresh_token' +
			'&refresh_token=' + refreshtoken + 
			'&client_id=' + clientID +
			'&client_secret=' + clientSecret,
	method: 'POST',
	json: true
    }, 

And as a side note, request is deprecated, you should consider moving off request to a newer library

You are the man! Thanks again. I’m quite the beginner here so I didn’t know request is depricated. I’ll do some research then :slight_smile:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.