Clarify that client_secret isn't required to refresh access tokens in the device code grant flow

twitchdev / issues

Issue tracker for third party developers.

Apache License 2.0

72 stars 7 forks source link

Clarify that client_secret isn't required to refresh access tokens in the device code grant flow #953

Open zaytri opened 1 month ago

zaytri commented 1 month ago

Brief description In https://dev.twitch.tv/docs/authentication/refresh-tokens/, it states that the client_secret is required.

Expected documentation There should be clarification that client_secret is not required when using refresh tokens obtained and refreshed from the device code grant flow.

BarryCarlyon commented 1 month ago

Unless that DCF token was made with a confidential client ala https://github.com/twitchdev/issues/issues/943