GET 'https://id.twitch.tv/oauth2/authorize?response_type=code&client_id=uo6dggojyb8d6soh92zknwmi5ej1q2&redirect_uri=http://localhost&scope=viewing_activity_read&state=c3ab8aa609ea11e793ae92361f002671'
2- Get refresh token by creating this request
POST https://id.twitch.tv/oauth2/token
?client_id=<your client ID>
&client_secret=<your client secret>
&code=<authorization code received above>
&grant_type=authorization_code
&redirect_uri=<your registered redirect URI>
Refresh Tokens don’t have an expiry attached to them.
You already said you are storing the new refresh token.
So you have something else going on that is causing the token and it’s refresh token to be dead.
As you should be able to keep refreshing forever!
Either the user did something like
disconnect the app,
reset their password,
generated 25 tokens, and the 26th token killed the first in the list. (Generating could be logging into your application for example, and not revoking as you go)
POST
https://id.twitch.tv/oauth2/token?grant_type=refresh_token&refresh_token=xxxx&client_id=xxxx&client_secret=xxxx
By making this request I get the same refresh token each time ( I send refresh_token=xxxx and I get refresh_token=xxxx ), and that’s where I store it, it doesn’t make sense to me to store it since it’s the same each time, but I read that I may get a different one so I need to store it again and again.
If the refresh token I send/get at this request does not expire, then as you said there must be something else that happened.