Making Requests Without OAuth

AtomicWeazel · June 6, 2020, 1:25am

I’m trying to get a users follower count, this is public information so I don’t see the user needing to login to their Twitch account or anything like that. The code I’m currently using is as follows:

url = ‘https://api.twitch.tv/helix/users/follows?from_login={self.username}’.format(self=UserAccount)
headers ={‘Client-ID’: ‘#CLIENT ID HERE#’}
requests.get(url=url, headers=headers)

I am replacing #CLIENT ID HERE# with my application Client ID.

The result I get from this is

b’{“error”:“Unauthorized”,“status”:401,“message”:“OAuth token is missing”}’

How do I get an OAuth token as I don’t think the user will want to verify an account for just getting ‘public’ information?

matt_thomas · June 6, 2020, 1:27am

You will want an app access token, being handled in the background, inaccessible to the users.

AtomicWeazel · June 6, 2020, 2:07am

Hi Matt,

Thanks for the quick reply. I’ve tried the links above however when I make my requests I get webpages back instead of the auth token? I’m using http://localhost as my redirect if that has any impact?

url = ‘https://id.twitch.tv/oauth2/authorize’
header = {
‘Client-ID’: TwitchService.clientID,
‘redirect_uri’: ‘http://localhost’,
‘response_type’: ‘token’,
‘scope’: ‘’
}
requests.get(url=url, headers=header)

Thanks,
Tom

Dist · June 6, 2020, 6:53am

You’re getting a web page because you need to actually send the user you need an OAuth token from to that URL. Once their on Twitch they’ll see a confirmation box asking if they wish to grant your app whichever scopes you’ve requested, and then they’ll get redirected to your redirect URL.

Alternatively if you don’t require any user scopes, and are doing this on your server, you can use the Client Credentials flow to generate an App Access Token, which doesn’t require user interaction.

AtomicWeazel · June 6, 2020, 10:34pm

Fantastic! Thank you so much for pointing me towards the Client Credentials flow, I think this is exactly what I was looking for. The next issue I’m getting is that I’m getting an Error 400 when using the following code:

url = ‘https://id.twitch.tv/oauth2/token’
header = {
'client_id ': TwitchService.clientID,
‘client_secret’: TwitchService.clientSecret,
‘grant_type’: ‘client_credentials’,
‘scope’: ‘viewing_activity_read’
}
response = requests.post(url=url, headers=header)

As far as I can see I’m mimicking the request that is being shown on the website using the same URL and names for fields, sorry if I’ve missed something obvious with this and thanks for the help so far.

I’m referencing the guide here:
https://dev.twitch.tv/docs/authentication/getting-tokens-oauth#oauth-client-credentials-flow

matt_thomas · June 7, 2020, 3:08am

That should be a URL and parameters, not headers.
https://id.twitch.tv/oauth2/token?client_id=TwitchService.clientID&client_secret=TwitchService.clientSecret&grant_type=client_credentials&scope=viewing_activity_read

system · July 7, 2020, 3:08am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.