Getting a token: 400 Bad Request

11148 · July 21, 2020, 8:14am

When I try to get a token, I only get an error “400 Bad Request”.

$urlp="https://id.twitch.tv/oauth2/token?client_id=".$this->APIkey."&client_secret=".$this->APIkeySecr."&grant_type=client_credentials";
	$ch = curl_init();
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($ch, CURLOPT_URL, $urlp);
	curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
	curl_setopt($ch, CURLOPT_POST, 1);
	$data = curl_exec($ch);

At the localhost everything works.
I checked the code on two servers, everywhere there is a 400 error.
Maybe the rfcs.ru domain is banned? Or what could be the reason?

BarryCarlyon · July 21, 2020, 11:13am

Everything looks OK here.

I tried

<?php

$ch = curl_init('https://id.twitch.tv/oauth2/token?client_id=' . CLIENT_ID . '&client_secret=' . CLIENT_SECRET . '&grant_type=client_credentials');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, true);

$r = curl_exec($ch);
$i = curl_getinfo($ch);
curl_close($ch);

if ($i['http_code'] == 200) {
    $data = json_decode($r);
    if (json_last_error() == JSON_ERROR_NONE) {
        echo 'Got token';
        print_r($data);
    } else {
        echo 'Failed to parse JSON';
    }
} else {
    echo 'Failed with ' . $i['http_code'] . ' ' . $r;
}

and

<?php

$ch = curl_init('https://id.twitch.tv/oauth2/token');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
    'client_id' => CLIENT_ID,
    'client_secret' => CLIENT_SECRET,
    'grant_type' => "client_credentials"
));

$r = curl_exec($ch);
$i = curl_getinfo($ch);
curl_close($ch);

if ($i['http_code'] == 200) {
    $data = json_decode($r);
    if (json_last_error() == JSON_ERROR_NONE) {
        echo 'Got token';
        print_r($data);
    } else {
        echo 'Failed to parse JSON';
    }
} else {
    echo 'Failed with ' . $i['http_code'] . ' ' . $r;
}

Change your code to also echo out the body not just the HTTP code, there should be an error message in the body that’ll provider further advice.

11148 · July 21, 2020, 11:36am

Using the brute-force method, I found a working option:

$urlp=“https://id.twitch.tv/oauth2/token?client_id=".$this->APIkey."&client_secret=".$this->APIkeySecr."&grant_type=client_credentials”;

	$fields = array(
		'__V'      => '1'
	);
	$fields_string = http_build_query($fields);

	$ch = curl_init();
	curl_setopt($ch,CURLOPT_URL, $urlp);
	curl_setopt($ch,CURLOPT_POST, true);
	curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string);
	curl_setopt($ch,CURLOPT_RETURNTRANSFER, true); 
	$data = curl_exec($ch);

Thanks to all!

BarryCarlyon · July 21, 2020, 11:39am

If that works where your former script didn’t that would suggest you have different versions of PHP on local and live

And thus different php.ini and different defaults.

Rather than sending trash in the POSTFIELDS you could send the whole payload
Or declare a header to declare what content type you are sending.

So a

curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));

Might solve your issue.

11148 · July 21, 2020, 11:41am

Most likely, it was necessary to transfer any data to the CURLOPT_POSTFIELDS.

BarryCarlyon · July 21, 2020, 11:43am

I didn’t using this script https://github.com/BarryCarlyon/twitch_misc/blob/master/authentication/app_access_tokens/php/generate_token_as_qs.php

Which I wrote this morning to test this thread

Also corrected my original reply due to bad copy paste of my script. I need to go find some coffee

system · August 20, 2020, 11:43am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.