Best practice to refresh the app access token

My application queries Twitch Helix Streams endpoint with 120 tps. My application cache the some streams.

My application loads app access token from DB and it will use the token in the GET Streams call. I’m refreshing the token, few days before the expiration time. The flow looks like this

GetAppAcessToken (T1) -->
If T1 < refreshTime -->
Return the token from DB -->
Query streams helix endpoint with app access token.

GetAppAcessToken (T1) -->
If T1 > refreshTime -->
Refresh the token and return -->
Query streams helix endpoint with app access token.

Is this the best way to refresh the token, considering my application serves high tps. What if multiple threads try to refresh the token at the same time?

Create a central system for key management. So your threads load the key from, say redis (or your DB), and don’t renew the key itself, your threads load the key to use from redis, and you create a separate service to manage keys.

So your threads will never call the app access generation themselves.

Okay, thanks.

At present my application threads generate the app_access_token themselves. Is there any chance, my app_access_token going to be invalid because of refresh from multiple threads.

There’s a max number of App Access Tokens that you can have, after which when you create more the oldest active one will become invalidated.

So yes, there is a chance that one of your threads could have an invalid token if you have many other threads also generating App Access Tokens. This problem will continue to grow if your apps generate a new token when they detect that theirs is invalid, as that could then just kill the token another thread is using, which again will create a new token, and kill the oldest etc…

And I had/discovered this exact issue recently.

Also for clarity, you cannot “refresh” an App Access Token, when you generate one you don’t get a refresh token, so you are always making a new one.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.