Is there a reason why the refresh token is not used? #28

Open
opened 2023-09-12 14:33:10 +02:00 by agentilo · 3 comments
agentilo commented 2023-09-12 14:33:10 +02:00 (Migrated from github.com)

Hi,
just went through the code and saw that it is using the Authorization code grant flow for authenticating with Twitch, which is great!
But I am not sure if I am missing something here.

Your code checks if the access token is still valid, and if it isn't, a signal is called, but as far as I can see, it does not try to get a new token by using the refresh token you got on authorization.

The authorize function also will always just newly authenticate to get an access token. If the file already exists (which should also include a refresh token), it could simply refresh the token, so the user does not have to open the browser every time the game is started.

My take on this would be:

authorize function:

  • if the auth/user_token file exists, check if there is a refresh token also. If so, try refreshing.
  • if the file does not exist, cannot be opened, or does not include a refresh token, do the stuff the function does normally.
      • on creation of the auth/user_token file, also append the refresh token gained at the https://id.twitch.tv/oauth2/token call.

expired_token_check:

  • if the token expired, check for the refresh token and if it exists, refresh the token and save the new one. Then restart the websocket connection.
  • else keep the existing signal and tell the user he has to connect again.
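The startup logic proposed in the post above, as an added Python sketch that is not the project's own code. It assumes the auth/user_token file is JSON holding `access_token` and `refresh_token`; `full_auth` is a hypothetical callback standing in for the existing browser-based flow, and `post` is injectable so the logic can be exercised offline.

```python
import json, os, urllib.parse, urllib.request

TOKEN_URL = "https://id.twitch.tv/oauth2/token"  # endpoint named in the post

def http_post_form(url, fields):
    """Default transport: POST form-encoded fields and return the parsed JSON."""
    data = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=data), timeout=10) as r:
        return json.load(r)

def save_token(path, token):
    """Create the token file owner-only (0600); it holds a long-lived secret."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        json.dump(token, f)

def load_token(path):
    """Return the stored token dict, or None if missing, unreadable or malformed."""
    try:
        with open(path) as f:
            tok = json.load(f)
        return tok if isinstance(tok, dict) else None
    except (OSError, ValueError):
        return None

def authorize(path, client_id, client_secret, full_auth, post=http_post_form):
    """Refresh when a refresh token is stored; otherwise fall back to full auth."""
    stored = load_token(path)
    if stored and stored.get("refresh_token"):
        try:
            fresh = post(TOKEN_URL, {
                "grant_type": "refresh_token",
                "refresh_token": stored["refresh_token"],
                "client_id": client_id,
                "client_secret": client_secret,
            })
        except Exception:
            fresh = None  # rejected refresh token or network error
        if fresh and fresh.get("access_token"):
            # Keep the old refresh token if the response does not carry a new one.
            fresh.setdefault("refresh_token", stored["refresh_token"])
            save_token(path, fresh)
            return fresh, "refreshed"
    token = full_auth()  # hypothetical: the existing authorization code flow
    save_token(path, token)
    return token, "full_auth"
```

A rejected refresh falls through to the full flow, which overwrites the stored file, so a revoked refresh token is not retried on the next start.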
issork commented 2023-09-12 19:39:31 +02:00 (Migrated from github.com)

Thanks! I do not remember why I didn't use the refresh token, so I'm assuming that this was an oversight on my end. Your proposal looks good to me.

JDDoesDev commented 2023-10-07 22:51:19 +02:00 (Migrated from github.com)

Has there been any movement or PR on this issue? I think this is a great idea and should be added to an upcoming release.

issork commented 2023-10-25 18:38:02 +02:00 (Migrated from github.com)

Implemented in 0545456faa for the initial connection. If the token becomes invalid while the program is running, users will have to refresh it themselves with the new refresh_access_token method when the user_token_invalid signal is emitted.

Will keep this issue open until auto-refreshing after a failed API call is implemented as well.
