App Access Token Type

Hey there, I’m curious if Twitch describes what can potentially make up an app access token. Is it always alpha numeric? Is it possible it will include symbols at some point?

If you know of a page in the docs where this information is, please let me know!

This is covered in the oAuth Specification

(I’ve probably not linked the right section I’m still skimming)

1 Like

Thank you much!

Either way alpha/numeric/periods are the general expected formats.

But end of the day, you just accept what you are given and use it verbatim.

Basically the RFCs apply here Twitch does not really differentiate from the RFC for Token generation here.

But an access token could also be a JSON blob, depends on the service.

Further reading: oauth 2.0 - What characters are allowed in an OAuth2 access token? - Stack Overflow

For my specific use case, I’m hoping to store the token with the expiry date/time in to a singular parameter. So was looking for a separator character like a semicolon. Sounds like that’s probably safe :slight_smile:

No need to store the expirartion

Use validate

To get if the token is valid and the time left on it.

Create an object.
Store the JSON string.

Well trying to limit calls, execution time, etc. In lambda.

Then don’t store the expiration at all and wait for a 4xx when calling a Helix resource.

Semi related, do you know how many app access tokens I can have valid at once for a client-id? Does it follow the same ~50 limit as user access tokens per refresh token?


50 app access tokens
50 user tokens per user

You generate the 51st it auto kills the 1st.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.