Newly created access_token is invalid

dorian-marchal · June 19, 2018, 12:38pm

I created an access_token with this endpoint:

POST https://api.twitch.tv/kraken/oauth2/token

With following data :

client_id: XXX
client_secret: XXX
grant_type: client_credentials
scope: channel_read channel_editor channel_commercial

This gives me:

{
    "access_token": "XXX",
    "refresh_token": "",
    "scope": [
        "channel_read",
        "channel_editor",
        "channel_commercial"
    ],
    "expires_in": 4742688
}

(By the way, why doesn’t this endpoint give me a refresh_token?)

When I try to check the validity of this newly created access_token, with the following endpoint:

GET https://api.twitch.tv/kraken?oauth_token=XXX&client_id=XXX

I get:

{
    "identified": true,
    "token": {
        "valid": false,
        "authorization": null
    },
    "_links": {
        "channel": "https://api.twitch.tv/kraken/channel",
        "teams": "https://api.twitch.tv/kraken/teams",
        "user": "https://api.twitch.tv/kraken/user",
        "streams": "https://api.twitch.tv/kraken/streams",
        "ingests": "https://api.twitch.tv/kraken/ingests"
    }
}

Any idea?

3ventic · June 19, 2018, 2:17pm

client_credentials grant type is not used for anything in kraken. You should also use id.twitch.tv in the token flow as described in the documentation, not the old api.twitch.tv/kraken/oauth2: https://dev.twitch.tv/docs/authentication/

system · July 19, 2018, 2:17pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.