OAuth client-secret invalid after oauth_receipt

jordan30001 · November 5, 2017, 3:44pm

I am having issues generating an OAuth code after enabling my extension with oauth_receipt endpoint where I keep getting invalid_client_secret error.

Steps taken:

User authorises exstension
Save param ‘code’ for later
post to https://api.twitch.tv/extensions/<extension id>/0.0.1/oauth_receipt?channel_id=<channel id>
with header “Authorisation”: Bearer <token>
Endpoint returns 204
post to https://api.twitch.tv/kraken/oauth2/token?client_id=<extension id>&client_secret=<urlencoded secret>&code=<code received from 1.1>&grant_type=authorization_code&redirect_uri=<urlencoded url>

response

{
"error": "Forbidden",
"status": 403,
"message": "Invalid client secret"
}

The <client secret> that I am using is the one generated from https://api.twitch.tv/extensions/<extension ID>/auth/secret
Which I assume is not the correct client secret I am looking for, can anyone shed some light on this?

BarryCarlyon · November 5, 2017, 5:39pm

The Extension dashboard doesn’t show you the Client Secret (but does the RedirectURI).

Obtain the Client Secret from: https://dev.twitch.tv/dashboard/apps/MYEXTENSIONID/edit like a Traditional App.

I raised this issue with the devs at TwitchCon so I know a ticket is in.