0

Please let me know if this is not possible...but in an effort to refactor my personal API I decided to start calling the Twitch endpoints through my API so data can be combined. To do this I direct the user to the auth page and get a bearer token back. I then pass that token to my API in the header. For some reason I get a 401 if I try to use that token at all from my API. I have no idea why as I can't view a reason in the response. The token works from postman.

Here is an example of a request I make in my API:

public async Task<bool> ValidateToken()
{
    var response = await client.GetAsync("https://id.twitch.tv/oauth2/validate");
    return response.StatusCode == HttpStatusCode.OK;
}

The HttpClient is created as follows before the validation method is called:

public TwitchService(IHeaderDictionary headers)
{
    StringValues token;
    StringValues clientId;
    var hasToken = headers.TryGetValue("Authorization", out token);
    var hasClientId = headers.TryGetValue("Client-id", out clientId);

    client = new HttpClient();
    client.DefaultRequestHeaders.Add("Accept", "application/json");

    if (hasToken)
    {
        var authToken = token.ToString().Replace("Bearer", "");
        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authToken);
    }

    if (hasClientId)
    {
        client.DefaultRequestHeaders.Add("Client-ID", clientId.ToString());
    }
}
sabo
  • 911
  • 13
  • 37

1 Answers1

0

It turns out that the auth header is removed by the HttpClient and this is by design. The following link gives a good explanation about it: Authorization header is lost on redirect

sabo
  • 911
  • 13
  • 37