Use Get Users without Client-ID?

Hello everyone. I have a question regarding OAuth2.
I’m using OAuth implicit code flow on the app’s frontend. Then I pass fetched token to the python backend where I try to retrieve data about the user.
I use only “user:read:email” scope.

The issue is that when I call https://api.twitch.tv/helix/users like so:

auth_headers = {
            'Authorization': 'Bearer ' + access_token,
        }
url = 'https://api.twitch.tv/helix/users'
response = requests.post(url=url, headers=auth_headers)

I receive {'error': 'Unauthorized', 'status': 401, 'message': 'Client ID is missing'}
If I add Client-Id=some_cliend_id to the request headers everything works.

Shouldn’t it work with token only?

No both a ClientID and Bearer token are required/must be specified.

1 Like