Hello,
I’m developing a node.js app to read the channel points redeems and process them. Until now I was using a token generated by https://twitchtokengenerator.com/ just for “reading” my channel redeems and testing purposes. This site gave me a 60 day token to use (created at 12/Sep and still working without any refresh).
Then I followed this twitch dev example to create a “login” page so other users/friends can login and use the “service”. I’m getting an access and refresh token at the backend but the expire time seems to small (~15000s or ~4 hours, then it needs to be renewed).
Is this the right way to do it? Do I need to refresh the tokens every ~4 hours and renew the connection to PubSub websocket with the new token that I get after the refresh?
And best advice is to use your own Auth loop not a third parties, since a third parties won’t return the refresh token to use. And when it dies the caster has to stop and go and reauth.
Where as with this you just reauth and LISTEN again
So you don’t have to full restart the process.
Just UNLISTEN and LISTEN with the new token.
Normally you’d probably want to refresh with 30 minutes left rather than let it go to the last second
Just remember when you refresh you may get a new refresh token so remember to store that in case the refresh token was updated!
And best advice is to use your own Auth loop not a third parties, since a third parties won’t return the refresh token to use.
Yup, I was just using that 3rd party token generator to make my life easier while in dev of the backend (redeem “processor”), since the token would last 60 days as they mention in their website. Also just for curiosity, what’s the difference of their token to last that amount of time? They also send a refresh token…
It’s an implicit auth token, so it just comes with a different expire
User token - 4 hours (can refresh automatically)
Implict user token - 60 days can’t refresh automatically
App Access Token - No user, 60 days, can’t refresh (but server to server so you can make new token automatically)
OIDC user representation - JWT (not a token) returns a blob of user data - good for 15 minutes but can ignore the expiry (the blob represents user data at that time), the JWT can’t call any endpoints bar the OIDC userinfo, also returns a user access token, (comes in both regular and implicit forms)
Are the four types of token Twitch has
Shouldn’t of there is no refresh token for implicit auth tokens (tokens that last 60 days)
https://twitchtokengenerator.com/ uses a semi-auth flow, and gives you a refresh token you can use on their own API to refresh. I don’t know what they do on the backend to create this though.
I don’t know what they do on the backend to create this though.
They have the code on github if it helps to understand. I’m not much an expert in this subject, so I’m a little bit lost but I got the explanation from @BarryCarlyon and I will try it!
Since I was using that 3rd party token generator I thought that my tokens would last the same amount of time and when I got ~15000s I was a bit confused!