The state is completely optional. It can be used to send data to Twitch which Twitch then passes back to your on authentication…
To auth:
- Send the user to
https://api.twitch.tv/kraken/oauth2/authorize ?response_type=code &client_id=[your client ID] &redirect_uri=[your registered redirect URI] &scope=[space separated list of scopes]
swapping [your client ID] for your Client ID, [your registered redirect URI] for your Registered Redirect URI, and [space separated list of scopes] for the scopes you need
- User accepts the auth and gets redirected to
[your registered redirect URI]THEN software on your URI grabs the[CODE]from the GET parameters and makes a POST request to exchange the[CODE]for an[user access token]
You are getting a 404 because you are getting not posting.
client_id=[your client ID] &client_secret=[your client secret] &grant_type=authorization_code &redirect_uri=[your registered redirect URI] &code=[code received from redirect URI] &state=[your provided unique token]
Is supposed to be in the POST body, you are GET’ing it instead.