Hey there, I’m curious if Twitch describes what can potentially make up an app access token. Is it always alpha numeric? Is it possible it will include symbols at some point?
If you know of a page in the docs where this information is, please let me know!
This is covered in the oAuth Specification
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by...
(I’ve probably not linked the right section I’m still skimming)
Either way alpha/numeric/periods are the general expected formats.
But end of the day, you just accept what you are given and use it verbatim.
Basically the RFCs apply here Twitch does not
really differentiate from the RFC for Token generation here.
But an access token
could also be a JSON blob, depends on the service.
oauth 2.0 - What characters are allowed in an OAuth2 access token? - Stack Overflow
For my specific use case, I’m hoping to store the token with the expiry date/time in to a singular parameter. So was looking for a separator character like a semicolon. Sounds like that’s probably safe
No need to store the expirartion
To get if the token is valid and the time left on it.
Create an object.
Store the JSON string.
Well trying to limit calls, execution time, etc. In lambda.
Then don’t store the expiration at all and wait for a 4xx when calling a Helix resource.
Semi related, do you know how many app access tokens I can have valid at once for a client-id? Does it follow the same ~50 limit as user access tokens per refresh token?
50 app access tokens
50 user tokens per user
You generate the 51st it auto kills the 1st.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.