I’m working on a login in a Android App which loads the authorize page via WebView.
My URL looks something like this:
https://api.twitch.tv/kraken/oauth2/authenticate?action=authorize&client_id=CENSORED&redirect_uri=http%3A%2F%2Flocalhost&response_type=token&scope=user_read+chat_login
The login form loads fine in my app but once I try to login with any account i get a blank page with only 1 line of text “Forbidden - CSRF token invalid”
Earlier I had this exact same setup working, but now it throws this error. Sign Up results in the same. New ClientId/App doesn’t help either.
Any idea what I’m doing wrong? I’m getting a redirect to passport.twitch.tv but I don’t see any csrf_token in there just my client id (twice weirdly)
Looks kinda weird:
https://passport.twitch.tv/sessions/new?client_id=CENSORED&redirect_path=https://api.twitch.tv/kraken/oauth2/authorize?action=authenticate&client_id=CENSORED&redirect_uri=http%3A%2F%2Flocalhost&response_type=token&scope=user_read+chat_login&redirect_uri=http://localhost&response_type=token&scope=user_read chat_login