How can I get Authorization OAuth token?

yingluwang · February 12, 2018, 4:11pm

Hi guys!

I am very very very new to api (in general)…
I am trying to use Twithtv api to get online/offline user.

I registered an application (web integration category…) and got Client-ID.

Then I was trying to get token. I used OAuth Authorization Code Flow.

I saw the below example in documentation:

curl -H ‘Accept: application/vnd.twitchtv.v5+json’
-H ‘Authorization: OAuth cfabdegwdoklmawdzdo98xt2fo512y’
-X GET ‘https://api.twitch.tv/kraken/oauth2/authorize?response_type=code&client_id=uo6dggojyb8d6soh92zknwmi5ej1q2&redirect_uri=http://localhost&scope=viewing_activity_read&state=c3ab8aa609ea11e793ae92361f002671’

I was wondering how can I get the number after ‘OAuth’???

Also, after I registered the app, the client secret is not shown. Do I need to click New Secret to get that? If I do not need to click, where else I can get client secret? If I do need to, do I need to submit to update this client secret?

Cheers!

BarryCarlyon · February 12, 2018, 4:28pm

Yes

That is the OAuth Authorization Code Flow (User Access Tokens) yes?

You must first redirect the user to Twitch as per step 1.

Send the user you want to authenticate to your registered redirect URI. Then, an authorization page will ask the user to sign up or log into Twitch and allow the user to choose whether to authorize your application/identity system. Use this request:

redirect to https://api.twitch.tv/kraken/oauth2/authorize
?client_id=
&redirect_uri=
&response_type=code
&scope=

Then you do step 2 to exchange the returned Query String code for a oAuth token

yingluwang · February 12, 2018, 4:57pm

Hi Barry,

So after i click New Secret, do i need to submit to update?

By sending the request, I can put the https in the web browser directly instead of doing everything in terminal?

BarryCarlyon · February 12, 2018, 5:25pm

You do not. I usually do myself.

Yes.You need to redirect the user to twitch in order to authenticate

yingluwang · February 12, 2018, 6:06pm

So do you mean the code that I extract from the redirect uri is the OAuth token?

BarryCarlyon · February 12, 2018, 6:48pm

No you must take the code and exchange the code for a oauth token

You must perform step 3:

On your server, get an access token and ID token by making this request:

yingluwang · February 12, 2018, 7:07pm

Ok…this gets back to what i did when I tried to get the token for the first time…

After I get the code, i put the following code in the terminal:

curl -POST https://api.twitch.tv/kraken/oauth2/token?client_id=tj0wb2g05lyddfklsur2nuqcmfi86h&client_secret=MyClientSecret&code=MyCode&grant_type=authorization_code&redirect_uri=http://localhost

And returned {“error”:“Not Found”,“status”:404,“message”:null}…

george · February 12, 2018, 10:04pm

If all you care about is whether a stream is online or offline you don’t need an oauth token. It can be done with either Helix or Kraken with only a client ID.

yingluwang · February 12, 2018, 10:27pm

Hey, by saying that, do you mean i dont need to use either OIDC or OAuth?

george · February 12, 2018, 10:36pm

Correct

For example with Helix:

curl -H 'Client-ID: YOUR-CLIENT-ID' \
-X GET 'https://api.twitch.tv/helix/streams?user_login=lirik'

Online:

{"data":[{"id":"27586417744","user_id":"23161357","game_id":"459841","community_ids":[],"type":"live","title":"MONDAY IN 2018 LUL ","viewer_count":32951,"started_at":"2018-02-12T19:35:08Z","language":"en","thumbnail_url":"https://static-cdn.jtvnw.net/previews-ttv/live_user_lirik-{width}x{height}.jpg"}],"pagination":{"cursor":"eyJiIjpudWxsLCJhIjp7Ik9mZnNldCI6MX19"}}

Offline:

{"data":[],"pagination":{}}

yingluwang · February 12, 2018, 11:15pm

Does this mean I have to hard-code all the usernames?

Can I get a user’s subscribers online/offline status?

Cheers!

george · February 12, 2018, 11:16pm

It might help if you tell us what your application is designed to do.

You will need to implement an OAuth flow if you need access to subscription lists with the access being granted by the channel owner to which the users are subbed.

yingluwang · February 12, 2018, 11:21pm

I am new to twitch tv api, at this moment I just want to build an easy app (for practice purpose) to get a specific user’s subscribers’ status information.

yingluwang · February 12, 2018, 11:35pm

Can I put all these in a js file? In which part of URL I should put my client id?

george · February 12, 2018, 11:41pm

For Helix you need to send the client ID has a header, it cannot be passed as part of the URL. Most libraries can do that easily though.

jQuery example:

jQuery.ajax({
   type: 'GET',
   url: 'https://api.twitch.tv/helix/streams?user_login=lirik',
   headers: {
     'Client-ID': 'YOUR-CLIENT-ID'
   },
   success: function(c){
      //data array is empty when queried channel is offline
      if (c.data.length > 0) { 
        //Stream is online
      } else {
        //Stream is offline
      }
   }
});

yingluwang · February 13, 2018, 12:05am

Hi George,

Thank you! I will hard-code this first.

One more quick question, after I click New Secret, do I need to submit to tell the computer that the client id is associated with a new secret?

swiftyspiffy · February 14, 2018, 2:42am

No, your client id doesn’t typically change. Your secret can change (normally in the event it was leaked). Your client id is not tied to your secret in any meaningful way.

yingluwang · February 14, 2018, 2:55am

Cheers!

I am still vary confused about the number after “Authorization: OAuth”…
Where can I get it?

3ventic · February 14, 2018, 7:03am

Forges1981 · February 15, 2018, 5:24pm

thanks a lot for all the answers i’ve got here! i really appreciate it as i was searching for same things. may i ask questions in case i would have some? thanks again