UserInfo without user authorization [HELIX / PHP]

Guendi · February 27, 2022, 1:01am

Is it possible to get UserInfo without user authorization?
Like username and twitch_user_id?

It worked with kraken api

I tried it with the app_access_token but I only get 401
→ Array ( [status] => fail [message] => OAuth token is missing [api_data] => Array ( [error] => Unauthorized [status] => 401 [message] => OAuth token is missing ) [endpoint] …

BarryCarlyon · February 27, 2022, 12:52pm

you need a token

Since you mentioned PHP your PHP script can generate and use a Client Credentials/App Access Token as described, this kind of token is for server to server requests.

Guendi · February 27, 2022, 1:42pm

I got the a token but I still got the same error message.

Generate Token:

    public function createAppAccessToken($type = 'client_credentials'){
      // requet endpoint
      $endpoint = self::TWITCH_ID_DOMAIN . 'oauth2/token';

      $apiParams = array( // params for our api call
        'endpoint' => $endpoint,
        'type' => 'POST',
        'url_params' => array(
          'client_id' => $this->_clientId,
          'client_secret' => $this->_clientSecret,
           'scope' => 'channel:read:editors channel:read:stream_key user:edit:broadcast user:read:email user:read:subscriptions chat:read channel:read:subscriptions',
          'grant_type' => $type ,
        )
      );
      return $this->makeApiCall( $apiParams );
    }

Get User:

      function getUserId($users, $id){
        if($users == null){
          $endpoint = self::TWITCH_API_DOMAIN. "users?id=".$id;
        }else{
          $endpoint = self::TWITCH_API_DOMAIN. "users?login=".$users;
        }

        $header = array( // temp hardcoded header
          'Client-Id: ' . $this->_clientId,
          'Authorization: Bearer '. $this->_accessToken,
        );

        $apiParams = array(
          'endpoint' => $endpoint,
          'type' => 'GET',
          'Authorization' => $header,
          'url_params' => array()
        );
        return $this->makeApiCall($apiParams);
      }

getUserId function worked with kraken and now I added the header for the Helix api but it doesnt work.
I just need the userinfo without the mail

BarryCarlyon · February 27, 2022, 1:55pm

Guendi:

'scope' => 'channel:read:editors channel:read:stream_key user:edit:broadcast user:read:email user:read:subscriptions chat:read channel:read:subscriptions',
          'grant_type' => $type ,

A client credentials token cannot have scopes, since it doesn’t represent a user…

Try this example instead

Did createAppAccessToken actually return a token?

What does makeApiCall look like?

‘Authorization’ => $header,

This seems incorrect

Guendi · February 27, 2022, 2:17pm

yes it returns a token and i tried it also without a scope

I fixed it it was a case_sensitive issue

changed from ‘Authorization’ => $header, to ‘authorization’ => $header,

here is the makeApiCall

	public function makeApiCall( $params , $buildQuery = true ) {
  			$curlOptions = array( // curl options
  				CURLOPT_URL => $params['endpoint'], // endpoint
  				CURLOPT_AUTOREFERER => PATH_TO_CERT, // ssl certificate for localhost
  				CURLOPT_RETURNTRANSFER => 1, // return stuff!
  				CURLOPT_FOLLOWLOCATION => TRUE, // verify peer
  			);

  			if ( isset( $params['authorization'] ) ) { // we need to pass along headers with the request
  				$curlOptions[CURLOPT_HEADER] = TRUE;
  				$curlOptions[CURLOPT_HTTPHEADER] = $params['authorization'];
  			}

  			if ( 'POST' == $params['type'] && $buildQuery) { // post request things
  				$curlOptions[CURLOPT_POST] = TRUE;
          $curlOptions[CURLOPT_POSTFIELDS] = http_build_query( $params['url_params'] );
  			}elseif('POST' == $params['type'] && $buildQuery == false ){
          $o = true;
          $curlOptions[CURLOPT_POST] = TRUE;
          $curlOptions[CURLOPT_POSTFIELDS] = json_encode($params['url_params']);
        } elseif ( 'GET' == $params['type'] ) { // get request things
  				$curlOptions[CURLOPT_URL] .= '?' . http_build_query( $params['url_params'] );
  			}
        if(substr($curlOptions[CURLOPT_URL], -1) == "?")$curlOptions[CURLOPT_URL] = substr($curlOptions[CURLOPT_URL],0, -1);
  			$ch = curl_init();

  			curl_setopt_array( $ch, $curlOptions );

  			$apiResponse = curl_exec( $ch );

  			if ( isset( $params['authorization'] ) ) { // we have headers to deal with
  				// get size of header
  				$headerSize = curl_getinfo( $ch, CURLINFO_HEADER_SIZE );

  				// remove header from response so we are left with json body
  				$apiResponseBody = substr( $apiResponse, $headerSize );

  				// json decode response body
  				$apiResponse = json_decode( $apiResponseBody, true );
  			} else { // no headers response is json string
  				// json decode response body
  				$apiResponse = json_decode( $apiResponse, true );
  			}
  			curl_close( $ch );

  			return array(
  				'status' => isset( $apiResponse['status'] ) ? 'fail' : 'ok', // if status then there was an error
  				'message' => isset( $apiResponse['message'] ) ? $apiResponse['message'] : '', // if message return it
  				'api_data' => $apiResponse, // api response data
  				'endpoint' => $curlOptions[CURLOPT_URL], // endpoint hit
  				'url_params' => $params['url_params'] // url params sent with the request
  			);
  		}

I use this function for every twitch request

system · March 29, 2022, 2:18pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.