404 message when trying to retreive API token


I’m writing my first Twitch app in Flask and I could use a few pointers. I’m currently trying to write an app to get the subscriber list for users that connect to a website that I will be hosting. I am sending this string to authorize users on the website:


It bring the user back with this response:
“GET /post/?code=CODE_HERE&scope=channel%3Aread%3Asubscriptions HTTP/1.1” 200 -"

Now, I know you need to trade that code for an oAuth token:

headers = {'Authorization': 'Bearer (%s)' % oauth}
get = requests.get('https://api.twitch.tv/helix',  headers=headers)

, but everytime I try to, I always receive a:

{"error":"Not Found","status":404,"message":""}

What exactly am I doing wrong? Do I need to change the code flow? Is that the wrong address to send that code for the oAuth token?

As per the docs

The exchange URL is

POST https://id.twitch.tv/oauth2/token
    ?client_id=<your client ID>
    &client_secret=<your client secret>
    &code=<authorization code received above>
    &redirect_uri=<your registered redirect URI>

Not to Helix

Thank you for the response Barry. I tried what you said and am now receiving:

{"status":400,"message":"Invalid authorization code"}

<Response [400]> - - [23/Feb/2019 00:17:58] "GET /post/?code=REMOVED&scope=channel%3Aread%3Asubscriptions HTTP/1.1" 200 -

oauth = str(oauth[28:58])
get = requests.post("https://id.twitch.tv/oauth2/token?client_id=70abzn2qkdy5hv5z3eqv44895b7dyp&client_secret=REMOVED&code=(%s)&grant_type=authorization_code&redirect_uri=http://localhost/post/" % oauth)
return render_template('index.html', title='Home')

Any idea? Maybe its the way Flask is handling the HTTP requests? I’m certainly grabbing that code from the return URL and passing it into the post request. I tried to disconnect and reconnect my application as well.

EDIT: Fixed, this was happening because the post request needs to get sent after the GET request finishes. Have to learn Flask a little bit more to learn how to handle the data correctly. Thanks a bunch for your help.

What Get Request?

Step 1 of oAuth is to REDIRECT the user off site to review the security dialog
Step 2 is capture the code from the incoming HTTP GET
Step 3 is the code for token POST dance

Please revoke this secret, you just leaked your Client Secret in violation of the Dev TOS

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.