
Fix: `xurl` OAuth 2.0 Fails with "unauthorized_client" on X API
If you're using `xurl` to authenticate with the X API and hitting this error:

```
OAuth2 authentication failed: Auth Error: TokenExchangeError (cause: oauth2: "unauthorized_client" "Missing valid authorization header")
```

You're not alone — and the fix is a single setting in the X developer portal.

Why It Happens

`xurl` uses the OAuth 2.0 PKCE flow, which is designed for public clients (mobile apps, CLIs, SPAs). Public clients send credentials in the request body during token exchange.

However, X API apps are created as Confidential Clients by default. Confidential clients require credentials to be sent as an `Authorization: Basic` header — a different mechanism that `xurl` doesn't use. When `xurl` sends a token exchange request without that header, X rejects it with `unauthorized_client`.

You can confirm your app is a confidential client by base64-decoding your Client ID:

```
echo "YOUR_CLIENT_ID" | base64 -d
```

If the decoded value ends in `:ci`, it's a confidential client. If it ends in `:na`, it's a native
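The Client ID check and the two token-exchange request shapes described above, as an added example (not code from the original post or from `xurl`). Parameter names follow RFC 6749 and RFC 7636; the client IDs, code, verifier, secret and redirect URI are constructed sample values, and the function names are hypothetical.

```python
import base64
from urllib.parse import quote, urlencode


def classify_client_id(client_id: str) -> str:
    """Report the client type from the decoded Client ID's suffix."""
    cid = client_id.strip()
    # Restore stripped '=' padding and accept the URL-safe alphabet,
    # either of which `base64 -d` may reject.
    padded = cid + "=" * (-len(cid) % 4)
    try:
        decoded = base64.urlsafe_b64decode(padded).decode("utf-8")
    except ValueError:  # covers bad base64 and non-UTF-8 bytes
        return "unknown"
    if decoded.endswith(":ci"):
        return "confidential"
    if decoded.endswith(":na"):
        return "native"
    return "unknown"


def token_request(client_id, code, verifier, redirect_uri, client_secret=None):
    """Build (headers, body) for the authorization-code token exchange."""
    form = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "code_verifier": verifier,  # PKCE proof, sent by both client types
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if client_secret is None:
        # Public client: identifies itself in the body, no Authorization header.
        form["client_id"] = client_id
    else:
        # Confidential client: HTTP Basic over client_id:client_secret.
        pair = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    return headers, urlencode(form)


# Constructed sample Client IDs (not real credentials), padding stripped.
SAMPLE_CI = base64.b64encode(b"constructed-app-id:1:ci").decode().rstrip("=")
SAMPLE_NA = base64.b64encode(b"constructed-app-id:1:na").decode().rstrip("=")

if __name__ == "__main__":
    for cid in (SAMPLE_CI, SAMPLE_NA):
        kind = classify_client_id(cid)
        secret = "constructed-secret" if kind == "confidential" else None
        headers, body = token_request(cid, "CODE", "VERIFIER", "http://localhost:8080/cb", secret)
        print(kind, "Authorization" in headers, "client_id=" in body)
```

A request built the public-client way against an app whose Client ID classifies as `confidential` is the mismatch that produces the `unauthorized_client` error quoted at the top.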

