I've received both. I understood that the auth token is single use; what do I do with the refresh token?
I guess it's for getting another auth token without the user logging in again, but how do I do that?
A refresh token is used to get a new access token when the access token has expired.
When you use the refresh token you may get a new refresh token in the response.
But what's the request I send to get a new access code with the refresh token?
It is documented here:
So the flow is:
I send the following request using the refresh token:
// POST the refresh token to the token endpoint as a form-encoded body.
// The refresh token is URL-encoded so characters such as '+' or '&' survive.
axios.post(`https://id.twitch.tv/oauth2/token`,
  `grant_type=refresh_token&refresh_token=${encodeURIComponent(refreshToken)}&client_id=${client_id}&client_secret=${client_secret}`,
  {
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded'
    }
  })
I'll get in response an access token and possibly a refresh token. After I've received the access token I'll go about my request as per usual, yes?
yup
An access token is known as a bearer token. It is presented to a resource server (like the eventsub endpoints) and hence is considered disposable (hence its short lifetime).
A refresh token affords an extra layer of security because it is only ever presented to the authorization server (OAuth server) in combination with your client secret for purposes of obtaining a new access token. Refresh tokens typically have a much longer lifetime than access tokens.
As I understand it, refresh tokens only come into play with User Access Tokens, as those have a short lifetime. In the case of App Access Token, you will never have to deal with refresh tokens. You simply request a new App Access Token using your client ID and client secret from the authorization server.
On a side note, you can almost always use a User Access Token even if an endpoint requires only an App Access Token.
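The refresh flow discussed in this thread, as an added example that is not code from any poster or from Twitch: it refreshes once on a 401, stores a rotated refresh token when the response carries one, and clears both tokens when the refresh is rejected. `httpPost` is a hypothetical stand-in for `axios.post` that resolves to `{ status, data }`; the function names and the `store`/`creds` shapes are assumptions.

```javascript
// Added example; all names here are illustrative, not part of any Twitch SDK.
const TOKEN_URL = 'https://id.twitch.tv/oauth2/token';

function buildRefreshBody(refreshToken, clientId, clientSecret) {
  // URLSearchParams percent-encodes each value, so a refresh token
  // containing '+', '&' or '=' cannot corrupt the form body.
  return new URLSearchParams({
    grant_type: 'refresh_token',
    refresh_token: refreshToken,
    client_id: clientId,
    client_secret: clientSecret,
  }).toString();
}

// The refresh token and client secret are sent only to the token endpoint.
async function refreshTokens(store, creds, httpPost) {
  const body = buildRefreshBody(store.refreshToken, creds.clientId, creds.clientSecret);
  const res = await httpPost(TOKEN_URL, body,
    { 'Content-Type': 'application/x-www-form-urlencoded' });
  if (res.status !== 200 || !res.data || !res.data.access_token) {
    // Refresh rejected (revoked or invalid token): drop both tokens so the
    // caller sends the user back through the authorization flow.
    store.accessToken = null;
    store.refreshToken = null;
    throw new Error('refresh failed; user must re-authorize');
  }
  store.accessToken = res.data.access_token;
  // The response may carry a new refresh token; keep the old one only if it does not.
  if (res.data.refresh_token) store.refreshToken = res.data.refresh_token;
  return store;
}

// Run an API call with the access token; on 401 refresh once and retry once.
async function callWithRefresh(apiCall, store, creds, httpPost) {
  let res = await apiCall(store.accessToken);
  if (res.status === 401) {
    await refreshTokens(store, creds, httpPost);
    res = await apiCall(store.accessToken);
  }
  return res;
}
```

Persist `store` only after `refreshTokens` returns, so a failed refresh never leaves a stale refresh token on disk.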