Confused about authorization token expiring

I’m following this documentation in order to get an access token that I can use with the “tmi.js” library. This library requires a username and an oauth token.

The token I will have to use it, first to get the username and then finally be able to create the tmi.js instance to connect to a channel.

What I don’t understand is that the token has expiration (I know I can generate a token at Twitch Chat Password Generator that wont expire)

So how do I generate a token that doesn’t expire?

You don’t

all tokens expire.


And create you own oAuth flow.
This lets you use code flow to get an access and refresh token.
Then you would use the refresh token to get a new access token

1 Like

But the ones generated by that website last “A lot” I mean, I think I have had those oauth tokens on some accounts and they have been working for 30 days +

Wont the ones generated with the Authorization code grant flow expire after about 4 hours.

I’m guessing for this case I can use the Implicit grant flow (I though this one was short lived) but apparently no. It’s different from other platforms. In Twitch case, this one doesn’t mention any expiration at all. Which is weird.

legacy client ID. Infinte length tokens are not the “normal” way of things existing.

And come with a refresh token to use meaning you can continue to operate

Implict and client creds are around 60 days
Regular code flow is 4 hours, refreshable, so in theory, infinite

What doesn’t mention expiration this is unclear.

1 Like

The response that comes from an Implicit doesn’t come with “expires_in”


Will experiment with the one that lasts 4 hours and see what happens after been connected 4 hours to a channel, if it still can send messages or a “re-authorization” needs to happen causing the bot to disconnect from chat missing commands during that process.

Then call the validate token endpoint to fetch it.

I would have to check, but I believe it’s part of the spec not to return expiration here for this token type.

You won’t need to reconnect as the bot won’t get kicked when the token dies.

But you will need to regenerate the token in order to ban/timeout/other actions via the API.

1 Like

Oh good to know. Thanks a lot Barry.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.