[PHP] Can't get Access Token

I’m trying to get my OAuth access key using the Twitch API (I must admit it is such a long winded way compared to previously).

Here’s what I have so far and it just returns absolutely nothing - obviously my ID/Secret/Code is stored in the appropriate variables.

// Get OAuth part 2
$url = "https://id.twitch.tv/oauth2/token";
$fields = array(
    "client_id" => $ClientID,
    "client_secret" => $ClientSecret,
    "code" => $auth,
    "grant_type" => "authorization_code",
    "redirect_uri" => $redir
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,  $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields));
$output = curl_exec($ch);
print_r($output);
curl_close($ch);

Am I doing something wrong? Apparently the URL returns a 404 error so I read that you had to do a POST request using CURL. But still nothing.

Any help would be appreciated. Everything I’ve read on these forums hasn’t worked.

This example might help you

The only difference between mine and yours is that yours is doing

curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields));

and mine is just

curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);

But that wouldn’t generate a 404 unless PHP is messing about somewhere. Unless you were getting the 404 with a GET request, it’s unclear if your current error is a 404 or not. (You got a 404 and switched to POST and now getting a different unspecified error, which means it’s your POST field encoding)

I run

        $ch = curl_init('https://id.twitch.tv/oauth2/token');
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, array(
            'client_id' => CLIENT_ID,
            'client_secret' => CLIENT_SECRET,
            'code' => $_GET['code'],
            'grant_type' => 'authorization_code',
            'redirect_uri' => REDIRECT_URI
        ));

I think i resolved the issue. I tried to return the error that CURL was giving and it said: “unable to get local issuer certificate”

A quick google search returned that I should add the following params:

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

I did this and now it seems to be working. Maybe I shouldn’t have jumped the gun and made a post about it - I normally only do so as a last resort - but at least if others see it they might benefit from the answer.

–EDIT–
This was a temporary solution that I had when building on a localhost environment without HTTPS. Do not do the above in a live environment - instead make sure your SSL Certificate is up to date. Thanks to BarryCarlyon for the heads up.

NO DO NOT DO THIS.

IF YOU NEED TO DO THIS THEN YOUR SSL BUNDLE IS OUT OF DATE AND SHOULD BE UPDATED

Would this matter if I was only testing on a non https localhost? I’d assume once I moved this to my website that has an SSL I probably wouldn’t have had the issue no?

You should fix your localhost, otherwise localhost is not a good model of production.

And you’ll end up forgetting to remove your “localhost specific code” and break productions security, since the code you are adding introduces a security vulnerability

Thanks… I’ll bear this in mind… and I’ll also mark yours as the solution since mine is a temp workaround which could have negative repercussions for the average user.

This error usually means you have something “out of date”

Either PHP itself, cURL, or it’s cert bundles.

Fixing that depends on which platform you are on

It’s usually only a “problem” on certain windows setups (WAMP)

So you’ll need to find the fix for your specific platform

Yep, I was using WAMP :slight_smile: