Invalid CSRF token: Too confusing for a User. #29

Open
BarryCarlyon opened this issue Jan 4, 2020 · 11 comments
Labels
product: authentication; ticketed (Has been given an internal tracking ticket)

Comments

@BarryCarlyon
Contributor

Brief description

Occasionally, when you perform step 1 of OAuth (redirect user to Twitch to allow/deny an account link), a JSON blob is returned in the body:

{"error":"Invalid CSRF Token"}

This is shown to an end user and the end user has no idea what to do.

How to reproduce

Keep trying to link accounts till it happens. Usually happens more often with Firefox users.

Expected behavior

Display a more useful error page, or redirect to Twitch login page, which you do get sometimes (even when logged in on Twitch)

@mauerbac added the "ticketed" label (Has been given an internal tracking ticket) on Mar 30, 2020
@mauerbac

IDPLAT-3002

@guanzo

guanzo commented Apr 30, 2020

Got a user complaint about this. +1

@marcandrews

I also received a few user complaints about this.

@lleadbet
Contributor

Hi everyone- thanks for the notes here.

If anyone is able to reproduce this consistently, any steps you can provide would help with resolution. Team is still investigating, however.

@BarryCarlyon
Contributor Author

Firefox users report it often.

I don't have repro steps other than to be using Firefox.

But whenever your code returns this error it needs to do something more useful than present this to the user.

@vprime

vprime commented Sep 27, 2020

This happens for me every time when trying to use Twitch SSO on Firefox. I do not have issues when using other SSO+MFA services like Google.

The steps I take are:

  1. Start Firefox (I have uBlock Origin and NoScript, but disabling them does not help)
  2. Log into Twitch account with MFA through Authy
  3. Visit website using Twitch SSO, like DNDBeyond.com
  4. Click "Login in with twitch"
  5. Authorize the application
  6. Upon pressing "Authorize" I am presented with the page "https://id.twitch.tv/oauth2/authorize" in JSON format with {"status":401,"message":"invalid csrf token"}

My workaround has been

  1. Launch Google Chrome
  2. Log into my Twitch Account
  3. Sign into the website, and authorize my Twitch account
  4. Set up an alternative method of logging in.
  5. Close Chrome, and reopen Firefox.
  6. Sign on with anything but Twitch SSO

@Higler

Higler commented Apr 10, 2024

I was having this same issue in Brave and Chrome browser. Tried logging out and back in multiple times, tried clearing cache and cookies multiple times in both browsers. Was not able to solve this issue until I logged into Twitch via mobile (Brave browser) then clicked authorize and it worked flawlessly. Not able to recreate the issue since making the connection but this is what solved the issue for me.

@thatmaxplayle

This is completely preventing me from implementing Twitch connections to my website!

@Bus42

Bus42 commented Nov 3, 2024

I am having the same issue with Google Chrome. I have read a dozen other threads, logged out and back in, cleared cookies, cleared site data, and every other suggestion I've found but it's still the same. No matter what I try to connect to Twitch it's the same error:

{
status: 401,
message: "invalid csrf token"
}

I do not have ad blockers or use a VPN and this is a problem I have only encountered with Twitch.

@Bus42

Bus42 commented Nov 3, 2024

Here's what actually worked for me:

  1. Do not try from Streamlabs Desktop
  2. Log in to Streamlabs in your browser
  3. Add connections from there.

I would suggest either disabling this feature in the desktop client until it has been resolved or including a message that this may not work from desktop and to try from the browser.

@BarryCarlyon
Contributor Author

> I would suggest either disabling this feature in the desktop client until it has been resolved or including a message that this may not work from desktop and to try from the browser.

TwitchDev isn't support for Streamlabs Desktop, so you'll have to talk to them about disabling it in their desktop client.

10 participants