Shields: Twitch badges failing

Thanks for reporting this.

Looking back at the Circle CI history, these tests have been failing for about a month, since May 12th.

I've just logged into the Twitch developer console, there's nothing that suggests that the credentials have expired. In particular, the ones on the CI are recent and were generated in March 2020 as part of #4061.

Generating new credentials does not help and I can't see any code changes on our side that could have obviously broken these badges.

Digging through some of the twitch announcements, I noticed this article. They made changes to their authentication mechanism, with a permanent switch on May 11th, which corresponds timing-wise. I haven't fully read the details, but I'm under the impression that we have to switch from query string auth to an Authorization: Bearer header. I'll do some more digging and experimentation later in the week. @andyli you originally contributed these badges, feel free to help out as well. 😉

Note that I've double checked my emails, including the spam folder, I was not warned about such a change. No notification or anything similar on my Twitch account either. An obscure post on their own forums and scheduling 3 small windows where they failed non complying requests seems like an extremely poor way of warning developers about breaking changes to their API.

I haven't fully read the details, but I'm under the impression that we have to switch from query string auth to an Authorization: Bearer header.

Ignore this part of the analysis, it's wrong: I've read through our Twitch code again and reminded myself how it works, we are doing the right thing at first glance. However, I think there's a bug in the details of the code, we're not actually setting the Client-ID as required. Will investigate further and try to come up with a fix.