Issue with OAuth Authorization Flow - Redirecting to Homepage

[caenvibe]

Hello,

I am experiencing an issue while trying to obtain a User Access Token using the OAuth 2.0 authorization flow. When I attempt to authorize via the following URL:

https://kick.com/oauth/authorize?response_type=code&client_id=YOUR_CLIENT_ID&redirect_uri=http://127.0.0.1:5000/callback&scope=channel:manage

I am redirected to the homepage instead of being granted access or redirected to my callback URL.

Steps to reproduce:

Go to OAuth URL.
I am redirected to the homepage, not to the callback URL as expected.
Expected Result: The OAuth flow should authorize the application and redirect to the provided callback URL with an authorization code.

Actual Result: I am redirected to the homepage instead of the expected callback.

Additional Information:

The OAuth flow doesn't seem to work as expected.
The authorization URL appears correct, but I keep getting redirected to the homepage without obtaining the User Access Token.
I have followed the documentation and made sure that my client ID and redirect URI are correct.
Please let me know if there's any additional information you need.

Thank you!

[Scorfly]

Hello,

The domain is invalid, you use kick.com instead of id.kick.com

And some keys are missing:

• code_challenge
• code_challenge_method
• state

Some values should also be updated:

• redirect_uri should be URL encoded : http%3A%2F%2F127.0.0.1%3A5000%2Fcallback
• scope should be URL encoded : channel%3Amanage (btw this scope does not exists)

The OAuth 2.1 is describe here:

• https://docs.kick.com/getting-started/generating-tokens-oauth2-flow

Scope are listed here:

• https://docs.kick.com/getting-started/scopes

[krmslmz]

Example code for JavaScript: I am developing Kick-Alert.com application. You can check my streams live on kick.com @keremslmz.

const codeVerifier = crypto.randomBytes(64).toString('hex');
const codeChallenge = crypto.createHash('sha256').update(codeVerifier).digest('base64url');
const params = querystring.stringify({
    client_id: process.env.CLIENT_ID,
    redirect_uri: process.env.REDIRECT_URI,
    response_type: 'code',
    scope: 'user:read channel:read channel:write chat:write events:subscribe',
    state: crypto.randomUUID(),
    codeChallenge: codeChallenge,
    codeChallenge_method: 'S256'
});

res.redirect(`https://id.kick.com/oauth/authorize?${params}`);

Call back :

const tokenResponse = await axios.post('https://id.kick.com/oauth/token', querystring.stringify({
          grant_type: 'authorization_code',
          code: code,
          client_id: process.env.CLIENT_ID,
          client_secret: process.env.CLIENT_SECRET,
          redirect_uri: process.env.REDIRECT_URI,
          code_verifier: codeVerifier
      }), {
          headers: { 'Content-Type': 'application/x-www-form-urlencoded' }
      });

      const userInfo = tokenResponse.data;