Hello.
I’m trying to create a PHP callback script for OAuth authorization:
<?php
$client_id = 'MYCLIENTID';
$client_secret = 'ACLIENTSECRET';
$redirect_uri= "http://plox.nu/oauth/callback.php";
$authorization_code = $_GET['code'];
$url = '[https://id.twitch.tv/oauth2/token'](https://id.twitch.tv/oauth2/token');
$data = array(
'client_id' => $client_id,
'client_secret' => $client_secret,
'redirect_uri' => $redirect_uri,
'code' => $authorization_code
);
$options = array(
'http' => array(
'header' => "Content-type: application/json\r\n",
'method' => 'POST',
'content' => json_encode($data)
)
);
$context = stream_context_create($options);
$result = file_get_contents($url, false, $context);
var_dump($context);
However I only get Error 500’s when trying it out. Anyone see the error?
Your URL is malformed
$url = 'https://id.twitch.tv/oauth2/token';
You you should be using cURL not file_get_contents
. FGC is normally blocked from making HTTP requests on most providers for security reasons
Provides a PHP example
session_destroy();
header('Location: /');
exit;
} else if (isset($_GET['code']) && $_GET['code']) {
// we have a code on the address line so lets parse and exchange
// validate the state/nonce
if (isset($_SESSION['nonce']) && isset($_GET['state']) && $_SESSION['nonce'] == $_GET['state']) {
// lets exchange the code for an access token
$ch = curl_init('https://id.twitch.tv/oauth2/token');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
'client_id' => CLIENT_ID,
'client_secret' => CLIENT_SECRET,
'code' => $_GET['code'],
'grant_type' => 'authorization_code',
'redirect_uri' => REDIRECT_URI
));
Line 38 onwards specifically
Apparently $_GET[‘code’] is not set when falling to the callback. How can I try to trace the cause of this?
My authorization link:
https://id.twitch.tv/oauth2/authorize?client_id=<myid>&redirect_uri=http://plox.nu/oauth/callback.php&response_type=force_verify&scope=bits:read
The URL it redirects to is clean without any arguments. If I deny access then it will give me an error, but not if I allow it.
Your response_type
is force_verify
it should be code
for this example
} else {
scopes.push(checks[x].getAttribute('name'));
}
}
}
}
var url = 'https://id.twitch.tv/oauth2/authorize'
+ '?client_id=' + client_id
+ '&redirect_uri=' + redirect_uri
+ '&response_type=code'
+ '&force_verify=' + force_verify
+ '&state=' + state
+ '&scope=';
url += scopes.join('+');
document.getElementById('auth_url_preview').textContent = url;
document.getElementById('auth_url').setAttribute('href', url);
}
generate();
Line 27 of this example shows a URL being constructed.
condolent:
?client_id=<myid>
ClientID’s are public there is no need to hide this
Should be
https://id.twitch.tv/oauth2/authorize?client_id=<myid>&redirect_uri=http://plox.nu/oauth/callback.php&response_type=code&scope=bits:read
You can optionally add
https://id.twitch.tv/oauth2/authorize?client_id=<myid>&redirect_uri=http://plox.nu/oauth/callback.php&response_type=code&scope=bits:read&force_verify=true
if you need Force Verify
system
Closed
August 24, 2020, 10:58pm
5
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.