PubSub oAuth token help

Hello,
I’m developing a node.js app to read the channel points redeems and process them. Until now I was using a token generated by https://twitchtokengenerator.com/ just for “reading” my channel redeems and testing purposes. This site gave me a 60 day token to use (created at 12/Sep and still working without any refresh).
Then I followed this twitch dev example to create a “login” page so other users/friends can login and use the “service”. I’m getting an access and refresh token at the backend but the expire time seems to small (~15000s or ~4 hours, then it needs to be renewed).
image
Is this the right way to do it? Do I need to refresh the tokens every ~4 hours and renew the connection to PubSub websocket with the new token that I get after the refresh?

Thanks

Yup that is correct.

And best advice is to use your own Auth loop not a third parties, since a third parties won’t return the refresh token to use. And when it dies the caster has to stop and go and reauth.

Where as with this you just reauth and LISTEN again

So you don’t have to full restart the process.
Just UNLISTEN and LISTEN with the new token.
Normally you’d probably want to refresh with 30 minutes left rather than let it go to the last second

Just remember when you refresh you may get a new refresh token so remember to store that in case the refresh token was updated!

And best advice is to use your own Auth loop not a third parties, since a third parties won’t return the refresh token to use.

Yup, I was just using that 3rd party token generator to make my life easier while in dev of the backend (redeem “processor”), since the token would last 60 days as they mention in their website. Also just for curiosity, what’s the difference of their token to last that amount of time? They also send a refresh token…

Just UNLISTEN and LISTEN with the new token.

That’s what I meant (in other words) :upside_down_face:

Just remember when you refresh you may get a new refresh token so remember to store that in case the refresh token was updated!

Thanks for the advise! I refreshed a token a few times and got the same refresh token every time but it’s good to know that is not always the case!

It’s an implicit auth token, so it just comes with a different expire

  • User token - 4 hours (can refresh automatically)
  • Implict user token - 60 days can’t refresh automatically
  • App Access Token - No user, 60 days, can’t refresh (but server to server so you can make new token automatically)
  • OIDC user representation - JWT (not a token) returns a blob of user data - good for 15 minutes but can ignore the expiry (the blob represents user data at that time), the JWT can’t call any endpoints bar the OIDC userinfo, also returns a user access token, (comes in both regular and implicit forms)

Are the four types of token Twitch has

Shouldn’t of there is no refresh token for implicit auth tokens (tokens that last 60 days)

https://twitchtokengenerator.com/ uses a semi-auth flow, and gives you a refresh token you can use on their own API to refresh. I don’t know what they do on the backend to create this though.

I don’t know what they do on the backend to create this though.

They have the code on github if it helps to understand. I’m not much an expert in this subject, so I’m a little bit lost :sweat_smile: but I got the explanation from @BarryCarlyon and I will try it! :grinning:
Since I was using that 3rd party token generator I thought that my tokens would last the same amount of time and when I got ~15000s I was a bit confused!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.