Thats a interesting group of scopes and tokens.
I think the problem here is that you’ve reuqested this mixture.
- chat_login - 99% of the time you probably shouldn’t be grabbing that
- viewing_activity_read - This is for VHS, only certain devs have access to that
- openid / user:read:email - save your sanity pull one of the other, if you are user:read:email then openid is redundant and you can drop the id_token from the request
- bits:read No comment just completeing the list
There is a bug in your request:
let responseStr = “https://id.twitch.tv/oauth2/authorize?response_type=code&token+id_token&client_id=” + twitchCltId + “&redirect_uri=” + redirectUri + “&scope=chat_login+viewing_activity_read+openid+user:read:email+bits:read&state=” + randState;
Has response_type=code&token+id_token which is wrong
response_type should be one of:
- code
- token
- id_token
- token+id_token