grant_type shouldn’t be "AUTHENTICATION CODE" for a start.
The linked example isn’t very good. It just goes “well here’s how you pass stuff to some function that someone else wrote” and doesn’t cover the token types and likely usage, and railroads you into getting a user token.
I’m not sure if you are trying to do User tokens or an App Access Token.
This kinda looks like user token step three since you have a code but the data should not be passed as headers, they should be post fields.
This is a complete example of user authentication https://github.com/BarryCarlyon/twitch_misc/tree/main/authentication/user_access_generator/php and if you need to get an “anonymous”/public token for server to server calls, which if you are transitioning from Kraken to Helix seems more likely, then you need an App Access/Client Credentials token https://github.com/BarryCarlyon/twitch_misc/tree/main/authentication/app_access_tokens/php
So you have a number of issues in your code, firstly the fact that the data in $curlHeader should in fact be in CURLOPT_POSTFIELDS instead, additionally if this is step 3 of user OAuth, this should be a CURLOPT_POST, and right now it’s doing a GET. Hence the message you get for an invalidly created <a href for step 1 user OAuth. Which is what this code generated, loaded https://id.twitch.tv/oauth2/authorize with no parameters, when you are supposed to redirect the user here, (as all the params on step 1 need to be query string).
So, it sounds like what you actually need to do is
Which will give you a token which will let you do the same thing as you were doing under v5. Since the OAuth procedure hasn’t changed and you don’t have an existing OAuth loop to use.
The PHP code examples for generating such a token can be found here
generate_and_maintain_token.php is the most appropriate as it generates and stores a token, then reuses that token until the token is close to expiration. Which is “good practice”. This script can be set up as a cronjob, to automatically handle tokens and store the token in a DB or somewhere useful for your scripts/server calls to use.
Generally you wouldn’t store the token in an auth.json, it just is in the example for simplicity of the example, and not to give an opinion on where/how to store tokens, as that’s up to you.
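The points made in the post above (token request sent as a POST with the parameters in the body, and the token reused until it is close to expiry), as an added example that is not part of the original post or the linked repository. The environment variable names, the cache file location and the 5-minute refresh margin are assumptions; the JSON file stands in for whatever store you actually use.

```php
<?php
// Added example: app access (client credentials) token with reuse until near expiry.
const TOKEN_URL      = 'https://id.twitch.tv/oauth2/token';
const CACHE_FILE     = __DIR__ . '/auth.json'; // assumed location, stand-in for a DB
const REFRESH_MARGIN = 300;                    // assumed: regenerate 5 minutes early

function requestAppToken(string $clientId, string $clientSecret): array
{
    $ch = curl_init(TOKEN_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,                // POST, not the default GET
        CURLOPT_POSTFIELDS     => http_build_query([   // body fields, not headers
            'client_id'     => $clientId,
            'client_secret' => $clientSecret,
            'grant_type'    => 'client_credentials',
        ]),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);

    $data = is_string($body) ? json_decode($body, true) : null;
    if ($status !== 200 || !isset($data['access_token'], $data['expires_in'])) {
        // Report the status only; the response body may contain secrets.
        throw new RuntimeException("Token request failed with HTTP $status");
    }
    return ['access_token' => $data['access_token'],
            'expires_at'   => time() + (int) $data['expires_in']];
}

function getAppToken(): string
{
    $cached = is_readable(CACHE_FILE)
        ? json_decode(file_get_contents(CACHE_FILE), true) : null;
    if (is_array($cached) && ($cached['expires_at'] ?? 0) - REFRESH_MARGIN > time()) {
        return $cached['access_token'];                // still valid: reuse it
    }
    $id     = getenv('TWITCH_CLIENT_ID');              // assumed variable names
    $secret = getenv('TWITCH_CLIENT_SECRET');
    if (!$id || !$secret) {
        throw new RuntimeException('Client ID/secret not set in environment');
    }
    $fresh = requestAppToken($id, $secret);
    $old = umask(0077);                                // new cache file is owner-only
    file_put_contents(CACHE_FILE, json_encode($fresh), LOCK_EX);
    umask($old);
    return $fresh['access_token'];
}
```

Call `getAppToken()` from a cronjob or at the start of a server-side script; keep the cache file outside the web root so the token cannot be fetched over HTTP.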