Using the OAuth authorization code flow.
- Game prompts the authorization page.
- User agrees.
- Redirect to our backend that stores the authorization code
- Game calls for a status update from the backend
- Backend requests OAuth token using Client ID, Secret and stored authorization code of that specific user
- Token is used to retrieve User and Stream data
- Parsed data is sent to the game
This works. However, if the user closes the game or we reboot our backend, we get “400 Bad Request” on the “Request OAuth token” step.
If we restart the process from the beginning and retrieve a new authorization code, everything works.
Is there an issue with requesting an OAuth token again before it’s expired? What to do if the token is lost (user gone, backend restarted)?
The message attached is “Invalid authorization code”. Does a user really need to re-authorize a game every time an OAuth token is requested?
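
An added example, not part of the original post: under RFC 6749 an authorization code is single-use, so exchanging the stored code a second time is rejected, while a persisted refresh token lets the backend obtain new access tokens after a restart. `ToyAuthServer`, `Backend`, the JSON file store and the refresh-token rotation are constructed for illustration and assume the provider issues refresh tokens.

```python
import json, secrets
from pathlib import Path

class ToyAuthServer:
    """Constructed stand-in for the provider's token endpoint (RFC 6749 rules)."""
    def __init__(self):
        self.codes, self.refresh = {}, {}

    def authorize(self, user):
        code = secrets.token_urlsafe(8)   # issued after the user agrees
        self.codes[code] = user
        return code

    def token(self, grant_type, value):
        table = {"authorization_code": self.codes,
                 "refresh_token": self.refresh}.get(grant_type, {})
        user = table.pop(value, None)     # single use: consumed on first exchange
        if user is None:
            return 400, {"error": "invalid_grant"}
        new_refresh = secrets.token_urlsafe(8)
        self.refresh[new_refresh] = user
        return 200, {"access_token": secrets.token_urlsafe(8),
                     "refresh_token": new_refresh, "expires_in": 3600}

class Backend:
    """Persists the refresh token, never the already-spent authorization code."""
    def __init__(self, server, path):
        self.server, self.path = server, Path(path)

    def _load(self):
        return json.loads(self.path.read_text()) if self.path.exists() else {}

    def _save(self, user, body):
        store = self._load()
        store[user] = body["refresh_token"]
        self.path.write_text(json.dumps(store))  # real systems: encrypt at rest

    def login(self, user, code):
        status, body = self.server.token("authorization_code", code)
        if status == 200:
            self._save(user, body)
        return status

    def access_token(self, user):
        status, body = self.server.token("refresh_token", self._load().get(user))
        if status != 200:
            return None                   # nothing stored or revoked: re-authorize
        self._save(user, body)
        return body["access_token"]
```

A `Backend` created after a restart with the same store path can call `access_token(user)` without a new authorization code; it returns `None` only when no usable refresh token is stored.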