Hitting "Invalid OAuth token" whatever I call video or clips endpoint

  1. I tried to get the OAuth authorization code using this following GET request :

https://id.twitch.tv/oauth2/authorize?response_type=code&client_id=xxx&redirect_uri=xxx&scope=user:read:email

  1. Then I can able to get the code, after that I send this POST request :

     	$endpoint = "https://id.twitch.tv/oauth2/token?client_id=xxx&client_secret=xxx&grant_type=authorization_code&redirect_uri=xxx&code=xxx";
    
     	$ch = curl_init();
    
     	curl_setopt($ch, CURLOPT_URL, $endpoint);
     	curl_setopt($ch, CURLOPT_POST, true);
    
     	$contents = curl_exec($ch);
     	curl_close($ch);
    
  2. I received this response :

{"access_token":"xxx","expires_in":15047,"refresh_token":"xxx","scope":["user:read:email"],"token_type":"bearer"}

  1. Once I get the access token then I trying to make a request to get this video info (Twitch) :

     	$endpoint = 'https://api.twitch.tv/helix/videos?id=' . $videoId;
    
     	$header = array();
     	$header[] = 'Client-ID: clientId';
     	$header[] = 'Authorization: Bearer accesstoken';
    
     	curl_setopt($ch, CURLOPT_URL, $endpoint);
     	curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
    
     	$result = curl_exec($ch);
     	curl_close($ch);
    

Then it return me “Invalid OAuth token” response, hope someone can guide me regarding this :joy: :joy:

Client error: GET https://api.twitch.tv/helix/videos?id=642942113resulted in a401 Unauthorized response: {"error":"Unauthorized","status":401,"message":"Invalid OAuth token"}

You did json decode the response in 2 to correctly pass to 4?

Also removed your access/refresh tokens, they are passwords and should be treated as such

Also removed your access/refresh tokens, they are passwords and should be treated as such

Thanks, I already edited my post.

You did json decode the response in 2 to correctly pass to 4?

Actually I do not have do any json decode, that response I get it directly when I var_dump this $content from this following code :

	$ch = curl_init();

	curl_setopt($ch, CURLOPT_URL, $endpoint);
	curl_setopt($ch, CURLOPT_POST, true);

	$contents = curl_exec($ch);
	curl_close($ch);

Then I stop this process once I got that access token.

After that I manually make another new request to call video endpoint using this access token as what I mentioned at number 4 then I getting this error : {“error”:“Unauthorized”,“status”:401,“message”:“Invalid OAuth token”.

Is it I can’t call it this way separately?

By the way, what I trying to do is, I would like to get this specific video info (Twitch) like video title/description/thumbnail because I can’t get this video real info when I view this video page source.

All the video meta data and Opengraph data will show the same e.g.

<title >Twitch</title>
< meta property='og:site_name' content='Twitch'>
< meta property='fb:app_id' content='161273083968709'>
< meta property='twitter:site' content='@twitch'>
< meta name='title' content='Twitch'>
< meta property='og:title' content='Twitch'><meta property='og:description' content='Twitch is the world&#39;s leading video platform and community for gamers.'>
< meta property='og:image' content='https://static-cdn.jtvnw.net/ttv-static-metadata/twitch_logo3.jpg'>< meta property='og:url' content='https://www.twitch.tv/videos/642942113'>
< meta property='og:type' content='website'>

Do you have any ideas for this so when the user share this link on the social network, the system should able to retrieve all these video info (title/description/thumbnail) so it can able to populate the correct video title/description/thumbnail on the site.

By the way, thanks for your response :smiley:

Open graph works a bit odd on twitch, so better off using a validator than looking at the source. It can sometimes populate the tags after the page has loaded, which is why you are not seeing them in the source (try inspect element instead)

If you are manually copying the access token in not sure what you are doing wrong…

Step three returns

{"access_token":"myAccessToken","expires_in":15047,"refresh_token":"xxx","scope":["user:read:email"],"token_type":"bearer"}

So your header would be

$header[] = 'Authorization: Bearer myAccessToken';

Just that one part not the whole response.

Since the token was just generated, I’m don’t think it’s an expires issue

Since the token was just generated, I’m don’t think it’s an expires issue

Yes, I thought that so.
Hm, currently I also not sure where goes wrong.

Perhaps you can give me some ideas whether I do it correctly or not if I want to get the specific video info :

  1. Before I request this video endpoint https://dev.twitch.tv/docs/api/reference#get-videos , I need to get the app access token (without scope) first base on this docs mentioned https://dev.twitch.tv/docs/authentication/getting-tokens-oauth#oauth-client-credentials-flow
  • May i know what is this parameter &grant_type=client_credentials? Is it just put the client_credentials then okay d or it needed to put user login password?
  1. Once I get the app access token after request that endpoint, then I need to curl similar like this in order to retrieve the specific video info right?
'Client-ID: myAppClientId' \
'Authorization: Bearer myAppAccessToken' \
GET 'https://api.twitch.tv/helix/videos?id=videoId'

It’s literally client_credentials

Correct

I just ran into this exact same problem today. My script was working perfectly, then it just stopped. It turned out I had to decode the response and then extract the access token from the decoded response. Otherwise, $accessToken was an empty string, thus invalid. This is how I rewrote my code.

$response = json_decode($response);
$accessToken = $response->access_token; 

This implies something changed with the API response for access tokens. I’m not sure what, but this fixed it immediately.

It’s never changed, if running progmatically, you have to JSON decode the response from Twitch and grab the access_token from the object, so not sure why your script was working before this

Thanks Barry, I can manage to make it work, it seems like something is not right when I using guzzle curl request. If I using normal PHP curl request, I no longer getting “invalid Oauth token” now.

But currently I haven’t troubleshoot this why guzzle curl request can’t make it work yet.

By the way, thanks for your help. :grinning:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.