Authentication failed when trying to retrieve my channel's suibscriber list

Hi,
Im trying to get the subscribe list from my channel with the tmi lib for node.js:

tmiClient.api ({
url : “https://api.twitch.tv/kraken/channels/b4kus1n/subscriptions?direction=DESC&limit=5”,
method: “GET”,
headers : {
“Client-ID”: clientIdTwitch //Here I have the twitch’s client id
}
}, function (err, res, body) { console.log(body); }

But the body responds me with this error:

{ error: ‘Unauthorized’,
status: 401,
message: ‘authentication failed’ }

I tried putting in the url the parameters oauth_token and/or the client_id but doesnt work, however I can see all the subscriber list putting in the navigator chrome the same url.
url:https://api.twitch.tv/kraken/channels/b4kus1n/subscriptions?direction=DESC&limit=5&client_id=XXXX

note: Before this I called the tmi lib for follows, and worked fine.

1 Like

Do you have your Bearer/Authorization token to identify yourself and does that token have the proper permissions enabled to pull subscribers? A Client ID alone is not enough to pull private information about a channel.

Follows are not a protected asset. Please review the Twitch API documentation for more information:

You will note the scope:

Authentication
Required scope: channel_subscriptions

I’m also interested in this BaKuSiN, so if you find a solution, please let me know!

Hi, ty for answer me!,
Like you said before about scopes, now Im trying to get the user access token with OAuth Authorization Code Flow that allow me to see the subscriber’s list:

request ({
url : “https://id.twitch.tv/oauth2/authorize?client_id=XXXXX&redirect_uri=http://localhost&response_type=token&scope=channel_subscriptions” ,
method: “GET”
}, function (err, res, body) {
console.log(body);

}

I was expecting get the Oauth Token directly for use it here:

request ({
url : “https://api.twitch.tv/kraken/channels/b4kus1n/subscriptions?direction=DESC&limit=5”,
method: “GET”,
json: true,
headers : {
“Client-ID”: clientIdTwitch,
“Authorization”: “OAuth XXXTOKEN HEREXXX”
}
}, function (err, res, body) {
console.log(body);
}

But instead of getting the TOKEN, I get an HTML code which I think is for the user to give permissions.
Is there any way to get the TOKEN automatically without signing up every time I open the application?

You are correct in that you will receive HTML. The user is redirected to give permission to your application based on the scope that you are requesting. If they approve then the link you provided as your redirect link will be called with information and you can pull the token from there. There is no way around this, Twitch has to do two things: 1) verify with the user that they provide explicit permission and 2) verify your application based on a callback URL, especially so no one just hijacks your Client ID and tries to use it to get people to sign up for a service using your ID.

It is possible to not have to authenticate each time, you have to store the token back and retrieve it. Keep in mind that some types of tokens do expire, so Twitch provides a refresh token that may be used to generate a new refresh and access token.

You essentially have to build out another page that will collect that data. Also, the token, of course, only gives you access to the user data that approved the application.

Are you just wanting to test the theory out? If so, then just put the id.twitch.tv/oauth2/authorize link in your browser and it will attempt a redirect and provide a token that you can use. For example, when I go to the link in my browser for one of my test applications and then read the address bar:

http://morpheus.int.XXXX.net/iobotauth/#access_token=1971skckr..............&scope=chat_login

If you want to build out an entire solution for other folks to come to and authenticate so that you may provide statistics to them for subscribers then you will need to setup a landing page (based on the callback URL you gave to Twitch) that collects the token and stores it for retrieving data.

Again, keep in mind that you may only look at your subscribers when you authenticate, you cannot view the subscribers of anyone else unless they choose to authenticate to your service.

Cheers

Ty very much IllusionaryOne for all the replies!! I have everything more clear now.
A summary for AidanWilliams (or however need it), and correct me if Im doing something wrong:

1. First I have to authorize the aplication with this url

https://id.twitch.tv/oauth2/authorize?client_id=MyClientID&response_type=code&redirect_uri=http://localhost/authenticate&scope=channel_subscriptions

2. When I accept the permissions I receive a GET request with the parameters code and scope on the redirect_uri that I gave in the first step (exactly the same one that you put when you registered your app), then I use them on this request:

var urlToken = “https://id.twitch.tv/oauth2/token?client_id=” + CLIENTID_TWITCH + “&client_secret=” + CLIENT_SECRET + “&code=” + CODE + “&grant_type=authorization_code” + “&redirect_uri=http://localhost/authenticate”;

request ({
    url : urlToken ,
    method: "POST"
    }, function (err, res, body) {
        console.log(body);
    });

Here I get in the **body** the access_token, refresh_token and scope parameters. (It seems that this access_token never expire because we have to set the expiration time, but I dont know how to do it already).

3. And now with that token you can authorize your request for the sub list like this:

var url = “https://api.twitch.tv/kraken/channels/yourchannel/subscriptions”;

request ({
url : url,
method: “GET”,
json: true,
headers : {
“Client-ID”: clientIdTwitch,
“Authorization”: “OAuth yourAccessToken” //this is what I was failing at start
}
}, function (err, res, body) {
console.log(body); //Here you have an object with yours subs in this case.
});

Again, thanks to IllusionaryOne for the answers :heart::heart:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.