Using the https://id.twitch.tv/oauth2/validate endpoint to validate tokens I found 2 lingering user tokens I no longer use and tried to revoke them through the https://id.twitch.tv/oauth2/revoke endpoint.
Both tokens reported as valid. Each token (according to my own documentation) should have had a different client_id but they both report the same client_id. Not a big deal by itself.
When trying to revoke the tokens I got a 404 “client does not exist” for the reported client_id and the client_id from my documentation.
Since as of this date you don’t need both the Client-ID and Bearer Authorization headers I tried a few requests to the helix endpoint https://api.twitch.tv/helix/users
When using only the Client-ID header I get a 401 “Must provide a valid Client-ID or OAuth token”
But when using the Bearer Authorization header I get a valid response.
Any thoughts/ideas? Should I contact Twitch support to have them removed/revoked?
The client application no longer exists in my dev console.
(edit) The application was removed quite some time ago. In the order of months to years.