Unable to refresh token through api (403 error)

[Johnnycyan]

If I load the page on my normal computer it works just fine but when trying to access the page through either of my 2 servers I just get a 403 error.

[Johnnycyan]

Is there some sort of special header information that I need to send with my request?

[swiftyspiffy]

This is more or less intentional. The service was receiving an insane amount of traffic and it couldn't handle the refresh api calls. I need to move the service to a better environment, and until then i had to protect the website with cloudflare. I don't have an ETA at the moment, unfortunately.

Also, sorry for late response.

[Johnnycyan]

Ah okay I see that makes sense. No worries <3

[WitoTV]

Hello. Sorry for hijacking into this. Currently for some reason attempts to refresh access token are returning 500 (while using the website button)

[swiftyspiffy]

I noticed this as well. I when generating a token, make sure you're using the API itself for the token (ie https://twitchtokengenerator.com/api/create/QXV0aEZsb3dFeGFtcGxlIFRlc3QgQXBwbGljYXRpb24=/chat_login+user_read). This will ensure the token is created with the client id used for the API, and not the client id used for the front facing website. I think Twitch changed something with the auth, but I'm not exactly sure what.

Give that a try and let me know if it works. I had to do this earlier yesterday.

[WitoTV]

@swiftyspiffy yea. This way it seems to work. but quite weird indeed. I did not see any changes in the authorization flow from twitch end between the last time it worked and now...

[alfadormx]

Hello, the Cloudfare + 403 error means there is no accessing to the twitchtokengenerator api? I am building a client in JAVA yet the site systematically returns 403 on the /create endpoint, so there is no way moving forward from there for me. Any help is kindly appreciated.

[AndrewMarines]

Still no fix for that problem? I'd love to refresh automatically

[AndrewMarines]

Just found out some of the client-ids created by this service are legacy and won't expire but this will change in the future. My client-id is like that so i don't have that issue yet

[swiftyspiffy]

I've disabled cloudflare protection on the site for now, enabling programmatic access to the refresh endpoint. Will need to re-enable if the site gets obliterated with requests though. Closing this for now, feel free to reopen if needed.