OAuth callback with php, what am I doing wrong?

BarryCarlyon · July 25, 2020, 10:53pm

Your response_type is force_verify

it should be code for this example

BarryCarlyon/twitch_misc/blob/main/authentication/user_access_generator/php/script.js#L27


      
                          } else {
                              scopes.push(checks[x].getAttribute('name'));
                          }
                      }
                  }
              }
          
              var url = 'https://id.twitch.tv/oauth2/authorize'
                  + '?client_id=' + client_id
                  + '&redirect_uri=' + redirect_uri
                  + '&response_type=code'
                  + '&force_verify=' + force_verify
                  + '&state=' + state
                  + '&scope=';
          
              url += scopes.join('+');
          
              document.getElementById('auth_url_preview').textContent = url;
              document.getElementById('auth_url').setAttribute('href', url);
          }
          generate();

Line 27 of this example shows a URL being constructed.

ClientID’s are public there is no need to hide this

Should be

https://id.twitch.tv/oauth2/authorize?client_id=<myid>&redirect_uri=http://plox.nu/oauth/callback.php&response_type=code&scope=bits:read

You can optionally add

https://id.twitch.tv/oauth2/authorize?client_id=<myid>&redirect_uri=http://plox.nu/oauth/callback.php&response_type=code&scope=bits:read&force_verify=true

if you need Force Verify