Specify both Client ID and invalid bearer #53
Labels
done
The bug or issue has been addressed
product: api
API endpoints in the "helix" namespace
ticketed
Has been given an internal tracking ticket
Comments
|
HLX-1326 |
|
Any update on this? |
|
This will be fixed with the upcoming Helix OAuth requirements as announced here: https://discuss.dev.twitch.tv/t/requiring-oauth-for-helix-twitch-api-endpoints/23916/ If you are not sure if you are sending an invalid token, please see that post above as it includes a schedule of "requirement windows" to help developers be aware and test if there will be any issues before the requirement is permanently in place. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Brief description
If you send a Invalid Bearer but a valid ClientID, the rate limit is 30 and you don't get a 4xx error or any notification that the Bearer you are sending is dead/invalid
How to reproduce
So you create an app access token.
You send both the app access token and the client ID to a public resource/no scopes needed.
You get a nice 800 rate limit.
For whatever reason the App Access Token becomes no longer valid.
Everything keeps going but at the 30 Rate Limit instead
Expected behavior
4xx error
Additional context or questions
Not sure if bug or intended.
The text was updated successfully, but these errors were encountered: