I’m having a hard time getting an OAuth token for the Twitch API. I’ve been at it for hours and I’m really confused. The API has changed a lot lately. They even put up a notice about getting rid of V5 API soon. I’m totally lost.
Here’s what I’ve tried so far. I’m using this code to get the authorization code:
function get_twitch_auth($url) {
$headers = [
'app_id' => 'MY_APP_ID',
'app_secret' => 'MY_APP_SECRET',
'auth_code' => 'MY_AUTH_CODE',
'grant_type' => 'MY_GRANT_TYPE',
'callback_url' => 'https://mysite.com/callback'
];
$curl = curl_init();
curl_setopt($curl, CURLOPT_AUTOREFERER, TRUE);
curl_setopt($curl, CURLOPT_HEADER, 0);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
$result = curl_exec($curl);
curl_close($curl);
return $result;
}
echo get_twitch_auth('https://id.twitch.tv/oauth2/authorize');
But all I get back is this error:
{"status":400,"message":"missing response type"}
Can anyone help me figure out what I’m doing wrong? I’m not sure if I’m using the right endpoints or if I’m missing something important in my request. Any advice would be really helpful!
hey man, twitch oauth is tricky. try redirecting the user with proper params, then use the returned code to request your token via a post. headers ain’t the best for secrets. keep at it!
I feel your pain, mate. Twitch’s API changes have been a real headache lately. From what I can see, you’re mixing up the authorization flow a bit. Here’s what worked for me:
First, you need to redirect the user to Twitch’s auth page. Don’t use cURL for this part. Just build the URL with your client ID, redirect URI, and required scopes.
Once the user approves, you’ll get a code in your callback. That’s when you use cURL to exchange the code for an actual token. The endpoint for this is different:
https://id.twitch.tv/oauth2/token
You’ll need to POST to this with your client ID, client secret, code, grant type (use ‘authorization_code’), and redirect URI.
Also, don’t put sensitive info like your app secret in the headers. Use POST parameters instead.
Stick with it, you’re almost there! Let me know if you need more specifics.
I’ve been through this recently and can offer some insights. The Twitch API changes have indeed been challenging. Your approach is on the right track, but there are a few adjustments needed.
Firstly, the authorization process is a two-step flow. You’re trying to combine both steps into one, which won’t work. Start by redirecting the user to the authorization URL with the correct parameters. Once you get the auth code, use that to request the actual OAuth token.
Also, the parameters should be in the URL for the initial request, not in the headers. Try something like this:
$url = ‘https://id.twitch.tv/oauth2/authorize?client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REDIRECT_URI&response_type=code&scope=YOUR_SCOPES’;
After the user authorizes, you’ll get the code in the callback. Then use that code to request the token. Hope this helps point you in the right direction!
I’ve encountered similar issues with Twitch’s API recently. The authorization process has indeed become more complex. Your approach needs some adjustments.
Firstly, separate the authorization into two steps. Start by redirecting the user to Twitch’s authorization URL with the necessary parameters in the query string, not headers. Once you receive the authorization code, use it to request the OAuth token.
For the token request, use the following endpoint:
https://id.twitch.tv/oauth2/token
Send a POST request to this URL with your client ID, client secret, authorization code, grant type (‘authorization_code’), and redirect URI as POST parameters. Avoid putting sensitive information in headers.
Remember to handle potential errors and token expiration. The Twitch API documentation provides detailed information on the correct flow and required parameters for each step.
hey mate, i had similar issues recently. the new twitch api can be a pain. your code looks close, but you’re missing the ‘response_type’ parameter. try adding ‘response_type’ => ‘code’ to your headers array. also, make sure you’re using the right grant_type for what you’re trying to do. good luck!