I urgently need to revoke an OAuth Token I have created on the Twitch Chat OAuth Password Generator. This website says:
To revoke access, disconnect “Twitch Chat OAuth Token Generator” from your Twitch.
But I’m quite sure this just revokes the website’s access to my Twitch account but it wouldn’t revoke existing tokens, right?
So I try to follow the documentation for revoking token. But the problem is here: In order to revoke, I need the
client_id. And since it is not my application, I don’t know the
client_id. So what else way is there to revoke the token?
Thanks in advance and kind regards
The client ID is part of the URL when you’re on the page to authorize the app’s access to your account. Disconnecting an app in your settings should revoke all of its tokens for your account.
Thank you for your reply. I highly doubt that the token is revoked by disconnecting the app since my chatbot that runs with that token still works fine. That means that the token is not revoked, right?
If you disconnect whilst the bot is still running.
The bot will remain running. It doesn’t remove/kick an active bot using a now revoked key as key is only checked when the bot logs in to Twitch
Sorry that I wasn’t clear enough: After I disconnected the app from my settings, I restarted my chatbot and it is still running smoothly.
In some cases it can take up to say 5 minutes for the token to truly die.
How long did you wait?
I disconnected the app yesterday (around 11pm CET).
Anyone any ideas? Is there a way for you to manually revoke a token? I mean this is a security issue since I accidentially disclosed the token but now cannot revoke it? That’s a hard pill to swallow…
You can get the client ID for the token by using the validate endpoint: https://dev.twitch.tv/docs/authentication/#validating-requests
With that, you can revoke it: https://dev.twitch.tv/docs/authentication/#revoking-access-tokens
That said, disconnecting the app definitely revokes tokens from it.
Thank you, that did the job. Thanks a lot for your help!
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.