Invalid oauth_token on /channel

azorgh · June 7, 2018, 9:42am

Hi there

I made a server side script to get channel details (and more in the future).

Step 1 : I generate a new OAuth token with the channel_read scope. Everything is fine, when I debug the response, I got the token, valid at true, my client id, and a expires_in data.

Step 2 : I hit the /channel endpoint, with the Authorization header and the token given. But I got a “invalid oauth token” response.

The token was just generated, how it’s possible to have a invalid one ?

Here the headers of my request :

> GET /kraken/channel HTTP/1.1
Host: api.twitch.tv
Authorization: OAuth eg8k1yyb3vm4fq75miqt**********
Accept: application/vnd.twitchtv.v5+json
Client-ID: ilickoxxp9y3t9x89z1v**********
User-Agent: GuzzleHttp/6.3.3 curl/7.47.0 PHP/7.1.16-1+ubuntu16.04.1+deb.sury.org+1

And there is the response :
{"error":"Unauthorized","status":401,"message":"invalid oauth token"}

I really don’t understand why

Thanks for your help !

Buran · June 7, 2018, 1:55pm

Not sure what is wrong here (haven’t tried to use v5 for some time) but I would do a few checks:

Are you sure you use HTTPS?
Try this request with the same token using some local tool like curl/postman. Do you see the same error?

Dist · June 7, 2018, 2:44pm

Have you tried sending a request to the root kraken domain, ie https://api.twitch.tv/kraken as that’ll respond with the validity and scopes of the token so is a good way check the status of the token.

azorgh · June 7, 2018, 2:57pm

I’ve found the solution.

In fact, I don’t need the oauth key provided by this endpoint (server->server).
I’ve generated a auth key with this website : https://twitchtokengenerator.com

And the script works well with the given oauth token. My script juste refresh the token to be sure it is not expired.

Well, thanks for your answers guys,
<3

Dist · June 7, 2018, 3:41pm

Yeah, for future reference for anyone else who may run into this and want to get tokens themselves rather than use 3rd party sites like that to get tokens for you, you need to get a User token rather than an App token.

App tokens are for server to server requests that are NOT associated with a user (and and such can not be used on endpoints that require user authentication, as the the channel endpoint mentioned in this thread).

system · July 7, 2018, 3:41pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.