My application wants to let users log in using Twitch. I redirect them to the twitch page and they authenticate and I get the OAuth token from the kraken
authentication API.
My question originates from reading this piece of documentation:
This section applies only to developers who use Twitch to enable users to log into their applications. In these cases, Twitch ensures that users who identify themselves on third-party Web sites are who they say they are.
Twitch requires that applications using Twitch OAuth 2 authentication for login validate the access tokens with every request. That is, if your service uses Twitch as a form of authentication (to verify that a user is who he says he is on your platform), each request to your service must validate the continued viability of the access token.
Twitch periodically conducts audits. If we discover an application that is not re-validating access tokens (that is, an application that validates only for login and not thereafter), we may take punitive action, such as revoking the developer’s API key or throttling the application’s performance.
My use case is essentially getting the User ID from Twitch’s v5 GET
https://api.twitch.tv/kraken/user
API after they authorize and storing said User ID as a way to uniquely identify a Twitch user. Then, they are primarily communicating with my server alone through a websocket opened once, and I almost never need to talk to Twitch again after that. Users have to re-authenticate if they close the connection (the page, or disconnect, etc.), but that’s about it.
Should I set a timer to re-check the oauth token every 10 minutes? Every 5? Whenever the root URL says my token is going to run out? How do I make sure I’m validating properly and within the limits of the rules here? I don’t want to validate for every single command piped either way through my websocket because that’s a sure fire way to get rate limited, as there are hundreds of binary commands going back and forth between my server and my users.
I would really appreciate any guidance on the subject!