You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If you have a ClietnId that is confidentical
If you use DCF to get a token with out a client secret involved.
And you do get a valid token to use
The refresh token cannot be used as it declares "invalid secret"
Brief description
If you have a ClietnId that is confidentical
If you use DCF to get a token with out a client secret involved.
And you do get a valid token to use
The refresh token cannot be used as it declares "invalid secret"
How to reproduce
using https://github.com/BarryCarlyon/twitch_misc/tree/main/authentication/electron_devicecode
Feed in a public ClientID
login
get a token yay
revoke the user token with https://barrycarlyon.github.io/twitch_misc/examples/token_checker/
reopen the app it will refresh
Feed in a confidential ClientID
login
get a token yay
revoke the user token with https://barrycarlyon.github.io/twitch_misc/examples/token_checker/
reopen receive
Refresh dead jim 400 {"status":400,"message":"missing client secret"}Expected behavior
I can refresh as I have a user token generated in the first place without a secret
IE a token generated without a secret, should be refreshable without the secret
The text was updated successfully, but these errors were encountered: