I need help with auth permanent

rogerbatt · April 17, 2024, 11:37pm

Hello guys, I’ve been with difficult to development a Bot to get Ban info, cuz my auth always expire and i dont know how to find ou create a auth token permanently, someone can help me pls?

I’m developing the bot in NodeJS.

BarryCarlyon · April 17, 2024, 11:40pm

Tokens are not forever

Assuming you used the code flow to generate a token.

You will have got a user access token and a refresh token.

So you then use the refresh token to get a new access and refresh token. And away you go

Code flow: Getting OAuth Access Tokens | Twitch Developers
Refresh Flow: Refreshing Access Tokens | Twitch Developers

robertsmania · April 23, 2024, 4:34pm

I am confused by this.

If I get a token from Twitch Chat Password Generator and then validate it, it shows that it never expires. I can adjust the scopes on the request URL and indeed the token does work for what its authorized for, but it is clearly tied to their Client ID q6batx0epp608isickayubi39itsckt.

A request like this will give me a token that only has the ability to write to chat:

https://id.twitch.tv/oauth2/authorize?response_type=token&client_id=q6batx0epp608isickayubi39itsckt&redirect_uri=https://twitchapps.com/tmi/&scope=user:write:chat

The validation result shows:

{
  "client_id": "q6batx0epp608isickayubi39itsckt",
  "login": "WhateverLogin",
  "scopes": [
    "user:write:chat"
  ],
  "user_id": "WhateverUserID",
  "expires_in": 0
}

When I go through the developer console and setup my own application, any token I generate does have an expiration time regardless of any of the options selected in the Manage Application Console.

BarryCarlyon · April 23, 2024, 5:14pm

Legacy/older client ID’s have forever tokens but this will change at some point

So the documenation is correct regardless of what legacy/older ClientID’s do

There is also an argument to not be using someone elses clientID or generator as it could die/get removed at any point as well

lucas046 · April 30, 2024, 1:53pm

I you want your authentication token remains valid indefinitely for your Twitch bot developed in NodeJS, you’ll need to implement a system for refreshing the token before it expires. Twitch provides a method called “refresh token” for this purpose.

When you initially authenticate your bot, you’ll receive both an access token and a refresh token and you can use the refresh token to obtain a new access token without requiring the user to re-authenticate, so, by this you can maintain continuous access to Twitch APIs without interruptions due to expired tokens. Ensure to securely store and manage these tokens in your application to maintain security.

BarryCarlyon · April 30, 2024, 2:43pm

Only if you use code flow as outlined in my original reply