Authentication Failed Return to Kzero and Try Again Twitch Error
Authentication
Twitch APIs employ OAuth 2.0 access tokens to access resources. If you're not already familiar with the specification, reading it may assist you ameliorate understand how to get access tokens to employ with the Twitch API.
The Twitch APIs utilise two types of access tokens: user admission tokens and app access tokens. The reference content for each API identifies the type of access token you must employ to admission its resource. Some APIs crave a user access token, others require a user access token or an app access token, and a few like the EventSub APIs require app access tokens.
IMPORTANT Treat access tokens, refresh tokens, and client secrets similar a password and safeguard them.
User access tokens
APIs that require the user'south permission to access resource apply user access tokens. Twitch uses scopes to identify the resources, or the fields within a resource, that your app needs permission to access. For example, y'all don't demand permission to become a user'south User resource merely you practice demand their permission to include their electronic mail address with the resources.
The post-obit example shows the dialog that Twitch displays to the user to get their permission for your app to create a Poll, cease a Poll, or go a list of their Polls. If the user clicks Qualify, Twitch gives your app an admission token that lets it perform those actions.
Based on the type of app you're building, you'll use one of the following OAuth flows to get a user access token.
| Flow | Description |
|---|---|
| Implicit grant flow | Apply this menstruation if your app does non use a server. For example, use this menstruum if your app is a client-side JavaScript app or mobile app. For details most getting a user access token using this flow, run into Getting a user access token using the implicit grant flow. |
| Authority code grant flow | Use this flow if your app uses a server, can deeply store a customer secret, and tin can make server-to-server requests to the Twitch API. For details about getting a user admission token using this catamenia, run across Getting a user access token using the dominance code grant flow. |
App access tokens
APIs that don't crave the user's permission to access resources use app admission tokens. For example, you can get a list of videos without the user'due south permission.
You should go an app admission token, if your app but calls APIs that don't require the user's permission to access the resource. But if your app also calls APIs that require a user access token, you should just go a user admission token because in well-nigh cases y'all tin use the user access token to call APIs that take app access tokens. The exception is if you phone call the EventSub APIs (for case, Create EventSub Subscription). If you telephone call the EventSub APIs, you must also become an app access token because the calls fail if you try to use a user access token.
To become an app access token, use the customer credentials grant flow. For details, run across Getting an app admission token using the client credentials grant flow.
Authentication flows
The following table summarizes the flows yous tin use and the blazon of access token it returns.
| Process | User Admission Token | ID Token | App Access Token |
|---|---|---|---|
| OIDC Implicit Lawmaking Flow | ✔ | ✔ | |
| OAuth Implicit Code Flow | ✔ | ||
| OIDC Authorization Lawmaking Catamenia | ✔ | ✔ | |
| OAuth Authorization Code Grant Menses | ✔ | ||
| OAuth Client Credentials Flow | ✔ |
NOTE An ID token or identity token encodes the user's identity in a JSON Web Token (JWT). It's used in OpenID Connect client apps to sign in users. You cannot use the ID token in place of a user or app access token when calling the Twitch API. Read more about ID tokens.
Passing the access token to the API
After getting an access token using one of the above hallmark flows, apply information technology to ready an API request'southward Say-so header.
Dominance: Bearer <access token goes here>
For an API request that shows using the header, see Get channel information.
Tokens don't last forever
Admission and refresh tokens tin become invalid for the following reasons:
- The token expires.
- The user changes their password.
- Twitch revokes the token.
- The user disconnects your app by going to their business relationship's /settings/connections folio and clicking Disconnect next to your app'southward name.
If a token becomes invalid, your API requests return HTTP condition code 401 Unauthorized. When this happens, you'll need to get a new access token using the appropriate flow for your app.
Validating tokens for 3rd-party apps
Third-party apps that phone call the Twitch APIs and maintain an OAuth session must telephone call the /validate endpoint to verify that the access token is still valid. Read more
Next steps
Before yous can get an admission token you lot demand to annals your app. For details, see Registering your app.
Check out these lawmaking samples that evidence how to get admission tokens:
- Go
- Node.js
Source: https://dev.twitch.tv/docs/authentication
0 Response to "Authentication Failed Return to Kzero and Try Again Twitch Error"
Post a Comment