Notice how scope is a hot mess of v5 and helix scopes but apparently the system gives me a valid oauth token that is secretly a bearer back. When i validate that thing it gives me that exact scope as well. So apparently that mess is valid. I tried first with just channel_editor cause that is what i need per the docs. I then added user_read cause i thought that it might need that to authenticate what user is present
i also tried to create a random collection just for the heck of it, acquiring another token but the result is the same. Conclusion on my part: i did something with the token wrong, its either the method how i obtain it or there is some intermediary step i have to do. But the question is…what?
You need a user token not a server to server token.
You generated a token that doesn’t represent anyone/a user.
Then tried to upload a video as “no user” so there was no user to own the video.
Also you requested user:read:email/user_read on a token that can’t have a user.
You need
not
TLDR: You have the wrong type of token.
“OAuth” and “Bearer” are just “prefixes” that kraken and helix return. Any token is an “OAuth Token” and is a “Bearer Token”. It’s not secretely anything it’s just an oAuth token.
No that doesn’t make a user be present in the token, that grants access to non public information about the user (in this case the email) when generating a regular user token.
But client_credentials doesn’t have a user attached to it.
The validate endpoint didn’t return a UserID in the response though did it?
Currently not at the pc, so no testing done yet.
I have seen the other auth method and it said something of localhost.
But, if i see that right i need to spin up a Webserver and write some roundabout php stuff just to get an auth token for a program that is ever only used by one person per time. I have problems understanding that and wrap my head around this. Why can’t i just generate a token inside my account but instead need to design a whole key generation infrastructure around something.
The answer is most likely security but i am really questioning my intelligence for just not getting it
You’ll need to generate a token via the web flow.
Then when that token dies use the refresh token to get a new token.
If the refresh token is dead then you’ll need to web flow again
To the surprise of noone this works of course, i am still a bit miffed that the process is fairly complicated and that i cannot just let my program zombie around since client tokens are rather short lived. I could set a cron job to extend them every 2 hours but is that the way its supposed to be?
A “regular” user token is only valid for four hours.
And you only need to refresh it when you need it.
So you only need to use the refresh token to get a new access token when you are about to go and upload a video, not every 2 hours.
But yes you can use a cronjob to do it every 2 hours.
I have a cronjob that runs every 15 minutes and checks the expiration time on the token
And if it’s less than 30 minutes, then I make a new token. Thats for “high use tokens”
For chat bot tokens I refresh when the bot restarts and needs to connect to chat, since the token only needs to be valid when the bot connects to chat. Then the bot will internally use an app access token to call public data (like stream titles)
This is “industry standard” oAuth. Sure Twitch’s token expiration is potentially shorter than other sites.
But once you have learned oAuth then the exact same code works on a multidue of sites. You just have to plug in a different set of keys and the URL’s
So with a template you can get (off the top of my head)
adobesign
discord
ebay
elite dangerous
github
mixer (yeah it’s dead now)
shopify
slack
these all use the same base code I jsut feed it different URL’s and lists of scopes
(not Tiwtter that users oAuth 1.0a which works differently)
Whta doesn’t work, what error are you getting for which request?
I would not dream to say that the standard is bad or anything, i already expected that its “complicated” for a reason, its just a personal dumbness that i struggle with the process. As per usual i had an interesting idea and just wanted to dive into it and was a bit annoyed that i encountered a hard stop that served as a serious diversion. But you are right, the knowledge i found here will be of use for me for other projects.
Whta doesn’t work, what error are you getting for which request?
oh, i am sorry, we have a missunderstanding here. Everything works just fine after i did the correct authentication and i proceeded with my stuff. I greatly appreciate your pointers.