It won’t to your issue it’s just a problem/bad practice I pointed out, on the outbound link. (Sorry should of been more clear)
I believe your code is doing the token exchange Twitch.
oAuth flow is: for “normal oAuth flows”
Redirect/Send the user to Twitch
They either Accept or Decline at Twitch
If they accept they are sent to your callback URL with the code in the query string
You exchange the code for a token.
The most common reason for
Is you
This might occur if you return to your website, do the code for token exchange, then redirect from that page to another page with the code still in the query string and then your code for token exchange login fires again (I’ve done that before myself)
Code’s should be considered similar to access tokens and not leaked publically. Granted I can’t do much with the code since I’d need your secret. But still it’s not good practice. I have removed it from your post
Add server side logging to your calls to confirm whats going on. Log all your outbound http requests?
So I don’t know.
The only time I’ve run into it is when my code was doing the exchange twice in error. (Usually because it did the exchange then I’ve hit F5 and it tried to exchange again).