Invalid Authorization Code

Hello, I am wondering if someone could double check if this looks correct. In testing, when I first land on my redirected page and have the auth code and the scope, I don’t seem to be able to request the auth token (both of my console.logs are an empty string). If I refresh the page I get invalid auth displayed in my logs, which through some debugging I found out the auth code has changed. So I handle it by redirecting to the Twitch page which returns me back with an updated auth code (which instantly becomes invalid again).

Is the auth code supposed to be changing instantly, or is it something here in my code that’s causing it to be updated and making my token requests fail?

Thanks

UPDATE: So, I just added this:

	var json = '<? echo $oauthResult ?>';

	console.log($.parseJSON(json));

and I can see the token. Is $oath not echoing the token correctly or is there an issue with my access of it in the PHP?

	<?php
	$uri = "https://api.twitch.tv/kraken/oauth2/authorize?response_type=code";
	$redirect = "[redirect setting in my app]";
	$client_id = "[id setting in my app]";
	$client_secret = "[secret setting in my app]";
	$scope = "channel_subscriptions";

	// URL the user is sent to in order to authorize the app
	$authURI = $uri . "&client_id=" . $client_id . "&redirect_uri=" . $redirect . "&scope=" . $scope;

	// One-time authorization code returned on the redirect (empty if absent)
	$code = isset($_GET['code']) ? $_GET['code'] : '';
	$authPostBody = "client_id=" . $client_id . "&client_secret=" . $client_secret . "&redirect_uri=" . $redirect . "&code=" . $code;

	if ($_SERVER['REQUEST_METHOD'] == "GET") {
		if (!empty($code)) {
			$uri = "https://api.twitch.tv/kraken/oauth2";
			$client_id = "[id setting in my app]";
			$client_secret = "[secret setting in my app]";
			$redirect = "[redirect setting in my app]";

			$params = array(
				'client_id' => $client_id,
				'client_secret' => $client_secret,
				'grant_type' => 'authorization_code',
				'redirect_uri' => $redirect,
				'code' => $code
			);

			// Exchange the authorization code for an access token
			$oauthResult = post_url_contents("https://api.twitch.tv/kraken/oauth2/token", $params);
			$json_decoded_oauthResult = json_decode($oauthResult, true);

			$oauth = $json_decoded_oauthResult['access_token'];
			$error = $json_decoded_oauthResult['error'];
			$message = $json_decoded_oauthResult['message'];
		}
	}

	function get_url_contents($url) {
		$crl = curl_init();
		$timeout = 5;
		curl_setopt($crl, CURLOPT_URL, $url);
		curl_setopt($crl, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($crl, CURLOPT_CONNECTTIMEOUT, $timeout);
		$ret = curl_exec($crl);
		curl_close($crl);
		return $ret;
	}

	function post_url_contents($url, $fields) {
		// Build a URL-encoded form body from the key/value pairs
		$fields_string = '';
		foreach ($fields as $key => $value) {
			$fields_string .= $key . '=' . urlencode($value) . '&';
		}
		$fields_string = rtrim($fields_string, '&');

		$crl = curl_init();
		$timeout = 5;
		curl_setopt($crl, CURLOPT_URL, $url);
		curl_setopt($crl, CURLOPT_POST, count($fields));
		curl_setopt($crl, CURLOPT_POSTFIELDS, $fields_string);
		curl_setopt($crl, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($crl, CURLOPT_CONNECTTIMEOUT, $timeout);
		$ret = curl_exec($crl);
		curl_close($crl);
		return $ret;
	}
	?>
	<script>
		console.log("<? echo $oath . $error ?>");
		console.log("<? echo $message ?>");
	</script>

Well, in your console log you misspell $oauth, so that may be your problem. Your actual PHP code looks fine as far as I can see. And yes, you can only exchange the auth code for an auth token once, so refreshing the page is expected to give “Invalid auth”.

Thanks for taking the time to look over this. As you pointed out, it was indeed the typo. $oauth does contain the token!

So I have to be sending the refresh token, and not the original auth code, to maintain the auth token?

There should be no need to use the refresh token in any way. The auth TOKEN is immortal and will last as long as the user doesn’t generate a new one for your client. The auth CODE (which you exchange for a token) can only be used once.

That, again, was exactly my problem. Thanks Fugiman, really appreciate the support you’ve provided in these past ~15 hours. I’m seeing exactly the results I expect now!
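
The single-use rule from the answers above, as an added example that is not the original poster's code: exchange the code once, keep the token in the server-side session, and redirect so the spent code is gone from the URL before any refresh. The token endpoint is the one used in the thread; the bracketed placeholders and the `access_token` session key are assumptions.

```php
<?php
// Added example. Bracketed values are placeholders, as in the thread.
session_start();

const TOKEN_URL     = 'https://api.twitch.tv/kraken/oauth2/token'; // endpoint from the thread
const CLIENT_ID     = '[id setting in my app]';
const CLIENT_SECRET = '[secret setting in my app]';
const REDIRECT_URI  = '[redirect setting in my app]';

/** POST the one-time code to the token endpoint; returns decoded JSON or null. */
function exchange_code(string $code): ?array
{
    $crl = curl_init(TOKEN_URL);
    curl_setopt_array($crl, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query([
            'client_id'     => CLIENT_ID,
            'client_secret' => CLIENT_SECRET,
            'grant_type'    => 'authorization_code',
            'redirect_uri'  => REDIRECT_URI,
            'code'          => $code,
        ]),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CONNECTTIMEOUT => 5,
    ]);
    $body = curl_exec($crl);
    curl_close($crl);
    $decoded = is_string($body) ? json_decode($body, true) : null;
    return is_array($decoded) ? $decoded : null;
}

$code = $_GET['code'] ?? '';
if ($code !== '' && empty($_SESSION['access_token'])) {
    $result = exchange_code($code); // the code is spent after this call, success or not
    if (isset($result['access_token'])) {
        session_regenerate_id(true);
        $_SESSION['access_token'] = $result['access_token']; // token stays server-side
    } else {
        error_log('Token exchange failed: ' . ($result['message'] ?? 'no response'));
    }
}
if ($code !== '') {
    // Drop ?code=... from the address bar so a refresh cannot replay the used code.
    header('Location: ' . strtok($_SERVER['REQUEST_URI'], '?'));
    exit;
}
echo empty($_SESSION['access_token']) ? 'Not authorized' : 'Authorized';
```

Keeping the token in `$_SESSION` also means it never has to be echoed into page JavaScript for debugging; `error_log` covers the failure case.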
