Python - Edit Stream Title (401 invalid oauth token)

the-roth · January 13, 2018, 10:00am

Hi, I have a bot written in Python and would like to use that to edit my own stream title (my stream name differs from that of the bot). From what I gather I need to register an app to get a client ID & secret (using my actual stream name, not that of the bot), make a POST request to get an app access token with channel_editor scope (not sure if openid is needed as well) and then use this to make a PUT request to edit my channel stream title. So far I’ve been able to get the access token with the following code:

postURL = "https://api.twitch.tv/kraken/oauth2/token"
postParams = {"client_id" : config.CLIENT_ID,
			"client_secret" : config.SECRET,
			"grant_type" : "client_credentials",
			"scope" : "openid channel_editor"}

postResponse = requests.post(postURL, data=postParams).json()
accessToken = postResponse["access_token"]

This gives me my access token with channel editor permission, which works when I plug it into https://api.twitch.tv/kraken/?oauth_token=accessToken. With the PUT request I have this:

putURL = "https://api.twitch.tv/kraken/channels/" + config.CHANNEL
putHeaders = {"Client-ID": config.CLIENT_ID,
			"Authorization": "OAuth " + accessToken,
			"Accept": "application/vnd.twitchtv.v5+json"}
putData = {"channel": {"status": "Status Update Successful"}}
putResponse = requests.put(putURL, headers=putHeaders, params = putData)

I get a 401 response - ‘invalid oauth token’ and am unsure how to fix it. Hopefully it’s something simple - I’ve read something about that the access token isn’t the same as an oauth token but I have no idea what other code I could possibly use.

BarryCarlyon · January 13, 2018, 11:04am

So you are working with a OAuth Client Credentials Flow (App Access Tokens) ?

This doesn’t give you access to a channel…

You need to use any other auth types listed https://dev.twitch.tv/docs/authentication#getting-tokens I usually go for https://dev.twitch.tv/docs/authentication#oauth-authorization-code-flow-user-access-tokens myself

Did you use channel name or channel ID here. It should be the channel ID. But you appear to be using the wrong token type, so moot point

the-roth · January 13, 2018, 1:36pm

Okay so I tried OAuth Authorization Code Flow (User Access Tokens) and used the following code:

getURL = "https://api.twitch.tv/kraken/oauth2/authorize"
getHeaders = {"client_id" : "" + config.CLIENT_ID + "",
			"redirect_uri" : "http://localhost",
			"response_type" : "code",
			"scope" : "channel_editor"}

getResponse = requests.get(url=getURL, headers=getHeaders).json()

I’m getting 400 ‘no client id specified’. If I copy and paste the GET request (putting in client id, redirect uri, response type and scope) into a web browser I get taken to localhost with a code and channel_editor scope though.

Edit: noticed I had to use params instead of headers in the get request. Removing the .json() from the end of getResponse gives me code 200 which I think is good?

3ventic · January 13, 2018, 8:12pm

You redirect/link the user to that URL (for web apps) or open the user’s browser with that URL (for local apps) to get the user’s authorization.

Auth code flow goes roughly as follows:

make user go to the authorization page
user returns to redirect_uri with a code GET param
application makes a request to the auth endpoint to exchange code for an access token.

the-roth · January 14, 2018, 11:42am

Okay thanks. The above code (with .url) gives me the link to log in -> authorization -> access code. For the time being I can’t make my bot automatically log in (error message is similar to ‘Forbidden - missing csrf token’); I need to find the right csrf token and post it in the login form. I assume when getting this part right I can automatically grab the oauth token without needing to manually open a webpage.

As a workaround I’m just manually grabbing an access token from https://api.twitch.tv/kraken/oauth2/authorize?response_type=token&client_id=INSERT_CLIENT_ID&redirect_uri=http://localhost&scope=channel_editor and then using the below code to edit my stream title, which seems to work fine.

		putURL = "https://api.twitch.tv/kraken/channels/" + config.CHANNEL
		putHeaders = {"Authorization": "OAuth " + config.OAUTH_TOKEN,
					'Client-ID': config.CLIENT_ID}
		putData = {"channel[status]": streamTitle}
		putResponse = requests.put(url=putURL, headers=putHeaders, params = putData)

Do these oauth tokens expire over time?

BarryCarlyon · January 14, 2018, 11:51am

You should NOT I repeat NOT be logging into Twitch this way.

You should write code that allows you to auth your application to your Twitch (Bot) Account. Which provides an access token. Then you use the access token with the bot. The bot itself should NOT be logging into Twitch itself. IE two separate programs.

The bot should never have code to go and login to Twitch on it’s own.

You only need to do this step once ever… Unless you de-auth your application from the Twitch Account.

Thats not a “workaround” thats how you are supposed to do it.

People used to use and may still use a service like https://twitchapps.com/tmi/ to generate an oAuth token for them, then the bot only needs that token, and the ability to refresh said token (which you won’t be able to do with the TMI generator), now that tokens expire. (ClientID’s made before a certain point in time don’t require refresh).

Yes but you are given a refresh token to use to get a new token (and an expires in time)

In summary, your bot only needs the code to refresh a token, it does NOT need the code to generate the token.

the-roth · January 14, 2018, 12:24pm

Okay thanks for the clarification, it makes more sense now!

system · February 13, 2018, 12:25pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.