What's the difference/use of the refresh token vs the auth token?

I've received both. I understood that the auth token is single use; what do I do with the refresh token?
I guess it's for getting another auth token without the user logging in again, but how do I do that?

A refresh token is used to get a new access token when the access token has expired.

When you use the refresh token you may get a new refresh token in the response.

But what's the request I send to get a new access code with the refresh token?

It is documented here:

So the flow is:
I send the following request using the refresh token:

```js
const axios = require('axios');
// Exchange the refresh token for a new access token (the response may also carry a new refresh token).
axios.post('https://id.twitch.tv/oauth2/token', `grant_type=refresh_token&refresh_token=${refreshToken}&client_id=${client_id}&client_secret=${client_secret}`, {
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' }
});
```

I'll get in response an access token and possibly a refresh token. After I've received the access token I'll go about my request as per usual, yes?



An access token is known as a bearer token. It is presented to a resource server (like the eventsub endpoints) and hence is considered disposable (hence its short lifetime).

A refresh token affords an extra layer of security because it is only ever presented to the authorization server (OAuth server) in combination with your client secret for purposes of obtaining a new access token. Refresh tokens typically have a much longer lifetime than access tokens.

As I understand it, refresh tokens only come into play with User Access Tokens, as those have a short lifetime. In the case of App Access Tokens, you will never have to deal with refresh tokens. You simply request a new App Access Token using your client ID and client secret from the authorization server.

On a side note, you can almost always use a User Access Token even if an endpoint requires only an App Access Token.
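
The refresh exchange discussed in this thread, as an added example that is not from any of the posters or from Twitch: it builds the form body with proper percent-encoding, stores a new refresh token when the response includes one, and reports failure when the refresh token is rejected. The names `buildRefreshBody`, `fetchPost`, `refreshTokens` and the `store` object are assumptions, and the transport is injectable so the logic can be exercised offline.

```javascript
// Added example; function and variable names are hypothetical.
const TOKEN_URL = 'https://id.twitch.tv/oauth2/token'; // endpoint from the thread

// Build the form body. URLSearchParams percent-encodes every value,
// which plain string interpolation does not do.
function buildRefreshBody(refreshToken, clientId, clientSecret) {
  return new URLSearchParams({
    grant_type: 'refresh_token',
    refresh_token: refreshToken,
    client_id: clientId,
    client_secret: clientSecret,
  }).toString();
}

// Default transport using the global fetch of Node 18+.
// Resolves to { status, data } so a fake can be swapped in.
async function fetchPost(url, body) {
  const res = await fetch(url, {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body,
  });
  return { status: res.status, data: await res.json() };
}

// Refresh the tokens held in `store` ({ accessToken, refreshToken }).
// Resolves true on success. Resolves false when the authorization server
// rejects the refresh token, meaning the user has to log in again.
async function refreshTokens(store, clientId, clientSecret, post = fetchPost) {
  const body = buildRefreshBody(store.refreshToken, clientId, clientSecret);
  const { status, data } = await post(TOKEN_URL, body);
  if (status !== 200 || !data.access_token) {
    store.accessToken = null; // do not keep presenting the expired token
    return false;
  }
  store.accessToken = data.access_token;
  // The response may carry a new refresh token; keep the old one otherwise.
  if (data.refresh_token) store.refreshToken = data.refresh_token;
  return true;
}
```

Call `refreshTokens` when a resource request comes back unauthorized, then retry that request once with `store.accessToken`.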
