OIDC Authorization Code Flow - Missing id_token

Hello everyone!

I’m about to set up OIDC authentication for my app. I tried it with the server-side flow (also known as “Authorization Code Flow”), but unfortunately I only get the OAuth2 access_token and refresh_token, as opposed to the desired id_token. I also followed the documentation:

Is this a bug or am I doing something wrong?

Also referring to (sadly closed due to no response):

Thank you in advance!
HaoRyan

Can you provide the POST that you’re sending (with all the secure bits removed)?

Sure! (Thank you for the fast answer btw 🙂)

POST:

https://api.twitch.tv/kraken/oauth2/token?client_id=<clientid>&client_secret=<clientsecret>&code=<code>&grant_type=authorization_code&redirect_uri=<redirecturi>

Response:

{
    "access_token": "<accesstoken>",
    "refresh_token": "<refreshtoken>",
    "scope": [
        "openid"
    ]
}

Hello, has this been resolved? I’m running into the same issue. The request documented here seems to be the same for the OIDC and the OAuth2 flow. I am not receiving the id_token (or even the expires_in), just the access_token, refresh_token, and scopes.

I have been able to work around the issue by using a response_type of “id_token code”, which interestingly enough gives a different result if I use a response_type of “code id_token”. The former uses the authorization code response, and the latter uses the implicit flow response. This seems to be a bug that should be looked at soon. Otherwise the whole system seems to be broken.


It works for me. What are you posting to the authorize endpoint?

Just double-checked this: you are posting to https://api.twitch.tv/kraken/oauth2/token when you should be posting to https://api.twitch.tv/api/oauth2/token
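A client-side check for the symptom discussed in this thread, as an added example that is not part of any post above and not Twitch's code: it rejects a token response that grants the `openid` scope but carries no `id_token`, instead of treating the `access_token` as proof of identity. The function names and the unsigned sample token are assumptions made for illustration, and the check is structural only; signature, issuer and nonce verification still have to happen before any claim is trusted.

```python
import base64
import json
import time


def decode_segment(segment):
    """Decode one base64url JWT segment (padding restored) into a Python object."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def constructed_id_token(claims):
    """Build an unsigned, constructed id_token for the demo (placeholder signature)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "c2ln"])


def check_token_response(resp, client_id, now=None):
    """Return a list of problems; empty means structurally usable (signature not checked)."""
    now = time.time() if now is None else now
    problems = []
    if "openid" not in (resp.get("scope") or []):  # scope is a list, as in the thread
        problems.append("openid scope not granted")
    if "expires_in" not in resp:
        problems.append("expires_in missing")
    id_token = resp.get("id_token")
    if not isinstance(id_token, str) or not id_token:
        # Symptom from the thread. Stop here; an access_token is not proof of identity.
        return problems + ["id_token missing"]
    parts = id_token.split(".")
    if len(parts) != 3:
        return problems + ["id_token is not a three-part JWT"]
    try:
        claims = decode_segment(parts[1])
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        claims = None
    if not isinstance(claims, dict):
        return problems + ["id_token payload is not a JSON object"]
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not match client_id")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        problems.append("id_token expired or exp missing")
    return problems


# Constructed sample: the response shape posted in the thread (placeholders kept).
THREAD_RESPONSE = {"access_token": "<accesstoken>", "refresh_token": "<refreshtoken>", "scope": ["openid"]}
print(check_token_response(THREAD_RESPONSE, "<clientid>"))
```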
