Authentication for a chatbot

Hey there,

I’m currently writing a bot that needs to write messages to the twitch chat.
I currently use a twitch OAuth generator website which utilizes the implicit OAuth flow to generate a token for my bot. I did not know yet that it expires after 60 days.

How would I go about automatically getting a new token from twitch with my java app? (I cannot use the implicit code flow because hash parameters cannot be read server-side.)

The only option I know would be using the code flow once manually and then automatically from within the application but that code would only be valid for 4 hours.

Create a webpage that implments the “OAuth Authorization Code” flow with the scopes you need. This can even run off localhost

This will generate a token and refresh token.

So when the token dies you can generate a new token automatically. Refresh is documented here:

You’ll need to use your website, once and then whenever the refresh token dies completely. And the “initial” token fetching will always be manual. But refreshing a token is automatic, as long as the refresh is still valid

It’s worth noting, that that bots chat login token only needs to be valid when you login, so my bots will auto refresh the token at bot start/restart and uses an app access token for other API requests.

1 Like

So I’m just saving the refresh token and on restart of my application I’m using that to login again. Sounds good. When does the refresh token die completely though?

For clarity you use the refresh token to generate a new access token.

Generally speaking, Twitch refresh tokens do not have an expiry.

But there are a number of criteria that could invalidate a set of tokens. Such as a password reset, or generating too many seperate access tokens for the userID/clientID keypair.

The latter is unlikely, but this is just the things we know of that can nail a set of keys totally.

1 Like

That’s what I meant, yea.

Well, I cannot think of a way to programmatically resolve this issue. Maybe I’m just setting up a phone alarm that gets sent if the token is not refreshable ^^.

Yeah I have some sort of alert system setup for that. It’s super rare. And it’s not like your bot will need to restart/reconnect that often anyway

1 Like

True. Well, thanks for the fast and good reply!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.