(Bug?) /oauth2/token for client_credentials returns UNIX timestamp


I am getting my access token for my server-to-server application from /oauth2/token with grant_type “client_credentials”. I noticed that the “expires_in” field returns an UNIX timestamp (I guess? I don’t think my access token should be valid for 1526000360 seconds).

Another thing I noticed is that there’s no refresh token in the response, is this correct?

Can you confirm the URL you’re POST’ing to, as to my knowledge there isn’t a /helix/token endpoint, you should be using https://id.twitch.tv/oauth2/token for token requests, and from my tests I haven’t been able to reproduce an expiration that’s a UNIX timestamp, for me it’s in seconds (from the tries in the last few minutes the expiration has varied between 54 and 63 days).

Yeah, my bad. It’s the https://id.twitch.tv/oauth2/token endpoint. My response looks like this:
However, my “expires_in” looks okay now, for some reason, but what about the refresh token? No refresh token for client_credentials tokens?

Also, while you’re here, should I actually store that access token, as it has an expiration time of 50+ days?

An app access token doesn’t need a refresh token as it’s for your app, you can simply go through the same process again to get a new token. User tokens on the other hand have a refresh token because without it you would need the user to go through the authentication process again.

As for token storage, there’s no reason not to store it, just make sure however you do so is secure and that you get a new token at some point before its expiration.

Okay, yeah that makes sense.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.