Open BarryCarlyon opened 2 months ago
Brief description
If you have a ClientId that is confidential, and you use DCF to get a token without a client secret involved, you do get a valid token to use. The refresh token cannot be used as it declares "invalid secret".
How to reproduce
using https://github.com/BarryCarlyon/twitch_misc/tree/main/authentication/electron_devicecode
Feed in a public ClientID
login
get a token yay
revoke the user token with https://barrycarlyon.github.io/twitch_misc/examples/token_checker/
reopen the app it will refresh
Feed in a confidential ClientID
login
get a token yay
revoke the user token with https://barrycarlyon.github.io/twitch_misc/examples/token_checker/
reopen receive
Refresh dead jim 400 {"status":400,"message":"missing client secret"}
Expected behavior
I can refresh as I have a user token generated in the first place without a secret
I.e. a token generated without a secret should be refreshable without the secret.