Status 401 – Invalid CSRF Token Error


Twitch.tv is a massive service that streams to millions of people daily and relies on complicated technology to keep everything running smoothly.

A service of this size is never without issues. A common one is an error message which reads {"status":401,"message":"invalid csrf token"}. The error is fairly common, but it rarely comes back for a user once it has been resolved, and it is easy to fix.


What does {"status":401,"message":"invalid csrf token"} mean?

The first part of the error, 401, is an HTTP response status which translates to humans as unauthorised – meaning the application you are trying to use is rejecting your communication with the server.

The second part of the error (the “message”) is invalid CSRF token. CSRF stands for cross-site request forgery. The CSRF token is a cookie which sits on your computer and has your credentials to use whatever application you are wanting to use.

A CSRF token is a unique, secret, unpredictable value that is generated by the server-side application and transmitted to the client in such a way that it is included in a subsequent HTTP request made by the client. When the later request is made, the server-side application validates that the request includes the expected token and rejects the request if the token is missing or invalid.

PortSwigger

“Invalid” means either that the credentials are incorrect or, the most likely cause, that your cookies have expired and there was an error refreshing them.

This error only appears when you are attempting to link a Twitch account with something else – hence the “cross-site” in the acronym CSRF. The response will come from Twitch’s OAuth.

So, in short, you are seeing {"status":401,"message":"invalid csrf token"} on Twitch, or on an application which connects with Twitch, because your cookies are outdated.
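
The issue-then-validate cycle from the PortSwigger definition above, including the stale-token case this page blames on outdated cookies, as an added Python example. It is not Twitch's code: the HMAC-signed token format, the one-hour lifetime, the session IDs and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)   # constructed per-process signing key
TOKEN_TTL = 3600                       # assumed token lifetime, in seconds


def _sign(session_id, issued, nonce):
    """HMAC over the session and token fields, so a token only fits one session."""
    msg = f"{session_id}|{issued}|{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, now=None):
    """Return 'issued_at.nonce.mac', the value the server hands to the client."""
    issued = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(16)      # makes each token unpredictable
    return f"{issued}.{nonce}.{_sign(session_id, issued, nonce)}"


def check_request(session_id, token, now=None):
    """Return (status, body) for a state-changing request carrying `token`."""
    reject = (401, json.dumps({"status": 401, "message": "invalid csrf token"},
                              separators=(",", ":")))
    if not token or token.count(".") != 2:
        return reject                  # token missing or malformed
    issued, nonce, mac = token.split(".")
    expected = _sign(session_id, issued, nonce)
    # Constant-time comparison; bytes on both sides avoids a TypeError on odd input.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return reject                  # tampered with, or issued for another session
    # The MAC matched, so `issued` is the server's own integer timestamp.
    current = time.time() if now is None else now
    if current - int(issued) > TOKEN_TTL:
        return reject                  # stale token, e.g. read from an old cookie
    return (200, json.dumps({"status": 200}, separators=(",", ":")))
```

A token that was valid when issued is rejected with the same 401 body once it outlives its lifetime, which is why clearing cookies and logging in again (forcing a fresh token) clears the error.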

When does the invalid CSRF token happen?

Here are some examples of events which are known to trigger {"status":401,"message":"invalid csrf token"}.

  • Redeeming Prime loot
  • Connecting SHiFT to Twitch
  • Connecting Twitch with Discord
  • Connecting Twitch to Curse Forge
  • Logging in to chat bots such as Nightbot
  • Logging in to streamlink GUI
  • Authenticating Streamlabs

How to fix {"status":401,"message":"invalid csrf token"} Twitch error

Work through this list of fixes until one of them works; once a step has worked there’s no need to try the next one.

  1. Log out of Twitch and log back in
  2. Clear your cookies from a) Twitch.tv b) the application you are trying to connect to Twitch.
  3. Clear all of your browser’s cookies
  4. Update your browser to the latest version
  5. Unlink the connection you are trying to link up and then proceed to re-link them
  6. Do the above 5 steps and restart your computer
  7. Try logging in using incognito/private browsing – these two operate on a cleared cookie basis
  8. Try a different browser altogether; the invalid CSRF token is most common with Firefox
  9. Complain to the Twitch developers

It is extremely unlikely that following the first 6 steps would not resolve your issue. In the event that they do not, the only options left are to keep repeating the steps or to complain to Twitch with a detailed description.
