Hi,
I’m trying to make an app that uses the API and am wondering if i have to store the token (to “remember” the user so that he doesn’t have to always log on every start) or if i can “delete” the token and renew it at every start.
I’ll try to explain myself more clearly.
So when someone launch the app for the first time it prompts the Twitch logging (to authorize the app) and so the app can get the token. As for now i was thinking of storing the token and encrypt it but is it possible to “disable” the token and re-enable it when the app is launch. I saw i can revoke the token but i think it de-authorize the app for the user which is not what i’m looking for.
Sorry if my english isn’t perfect and if i didn’t made myself clear enough.
You’re thinking about the authentication flow correctly, specifically that you’ll need to store the tokens you receive for each user of your app.
It sounds like you’re using User Access Tokens, which are issued with an expiration time (about 4 hours from creation). When a token expires you can use the refresh token to get another access token. That route is an alternative to forcing the user to re-authorize your application every 4 hours or so.
Using tokens in this way seems to be conventional for OAuth systems, so there are other resources out there that may help:
