Is there no way the bot code can get this for themselves? In the past I’ve had these access tokens expire and the bot disconnect. How is this supposed to work? I always get a new token in the browser and have to update the bot config?
I have working code that can get an access token with correct scopes via the Client Credentials flow. But it is no good for connecting to IRC apparently (as I have learned in this post)
I’d like to automate the process if I can. I have registered my bot as an app and have client_id and client_secret to use with OAuth. I can’t be the only one wanting to do this.
If anybody has some better info on this than the official docs, I’d very much appreciate it!
How do apps like Nightbot do this? Do they actually have somebody generate these codes by hand and paste them?
A bots token is only checked when the bot starts/re/connects to chat, so you’ll only need to refresh when (re)connecting to Twitch, (and the bot can use a client_creds total internally for uptime checks etc)
It is still weird to me that a server-side application, such as a chat bot, requires this browser-based step to get startet, but at least with your help I got it to work.
I’m caching the access and refresh tokens in a config file, so I don’t have to refresh on every reconnect attempt of the bot. But in case the access_token is rejected, the bot can now request a refresh on its own.
To Twitch a “chat bot” is just a user account, it’s not marked “specially” as a bot.
So currently you can’t just get a token as the account is no different to a user, hence the manual browser step.
Usually an access token is only valid for around four hours, so I don’t bother trying the access token, when my bot (re)starts it just uses the refresh proceedure and I don’t bother storing the access token beyond using it to login to chat. (As in most cases my bot’s don’t restart sooner than four hours anyway)
That seems a good practice. As a beginner, I found it challenging to get access_token at all, so once I had one, I valued it a lot. But it now seems the refresh_token is the actually valuable one. Great tip!