Pubsub Authentication For Client Side Apps

I know there’s already a lot of entries regarding this topic but none of them seems to fit my circumstances. I’m making a desktop app that generates a OBS plugin that has a connection via websocket with the Twitch pubsub API, that plugin is really a website done with javascript so I can’t use my app secret. The way I was doing the authentication is that the desktop app first gets the access token using the implicit code flow, then when generating the plugin it sends that token and it’s done, the problem with that is that the token lasts 60 days and then it expires and I don’t have a way of refreshing that token. Is there a way for me to generate tokens using the implicit code flow without making the user access the authorize endpoint in the api after the first time?


The user has to manually provider a new token when it expires

1 Like

So the only way I could do this is making the plugin access a server and handling all of that in the server? there’s no way the user authenticates automatically, even with another method that is not the implicit code flow?

In a “front end no server scenario”

You can only use implict auth.

Or your front end talks to a server and the server does all the token schnangians.

That would be optimal to avoid the streamer having to do something every 60 days (or sooner)

In your current scenario you can only use implict auth.

As you cannot/shouldnot store your client secret in the desktop app for authentication purposes, as thats leaking your client secret.

1 Like

Alright thanks for answering this fast

I’m sorry for being annoying but I’ve seen that the chatterino app seems to use the implicit code flow and yet the authentication lasts for longer than 60 days, do you know what they might be doing

They are a “legacy” clientID.
Legacy clientID’s can generate forever tokens.

This is not longer supported by Twitch and at some point Twitch will nail all the legacy tokens for legacy clientID’s

1 Like

oh, well thanks :sweat_smile:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.