search

swiftyspiffy / twitch-token-generator

Repository for the source that sits on https://twitchtokengenerator.com
85 stars 11 forks source link

Refresh API returns invalid client_id #10

Closed sntr8 closed 3 years ago

sntr8 commented 3 years ago

Running GET to refresh API returns invalid Client ID.

% curl -X GET https://twitchtokengenerator.com/api/refresh/<refresh_key>
{"success":true,"token":"<token>","refresh":"<refresh_key>","client_id":"zkxgn9qm9y3kzrb1p0px68qa69t3ae"}

Using that Client ID on calls towards Helix API will result to an error

% curl -X GET 'https://api.twitch.tv/helix/streams/key?broadcaster_id=<ID>' -H 'Authorization: Bearer <access_token>' -H 'Client-Id: zkxgn9qm9y3kzrb1p0px68qa69t3ae' 
{"error":"Unauthorized","status":401,"message":"Client ID and OAuth token do not match"}

But changing Client ID to the one displayed on the web page results in success

% curl -X GET 'https://api.twitch.tv/helix/streams/key?broadcaster_id=<ID>' -H 'Authorization: Bearer <access_token>' -H 'Client-Id: gp762nuuoqcoxypju8c569th9wz7q5'
{"data":[{"stream_key":"<stream_key>"}]}

Could this be fixed so I could refresh my tokens automatically from my container without need to visit the web page?

sntr8 commented 3 years ago

Looking at the code the refresh API initiates towards https://api.twitch.tv/kraken/ so that might cause the problem with Helix tokens?

swiftyspiffy commented 3 years ago

Ya, so there's some confusion here I think, and I don't completely understand it myself.

The first client id you shared is for TwitchTokenGenerator's API, the second one (the one that succeeded) is for the frontend site.

I'm guessing you generated the initial token using the frontend and not an API flow?

sntr8 commented 3 years ago

Yes, I generated the initial token from the frontend.

swiftyspiffy commented 3 years ago

For now, should default to using the frontend client id, and not the API.