Do not show tokens to anyone - got it!
I’m storing my Twitch sessions locally. After I got token and info about user with token, I insert all in my database with my own generated session id. This session id also been placed in user’s cookies so he can access he’s info - nickname and avatar. This way i can identify users on my site faster, I don’t need to call Twitch API on every page. I also will be abble to block users on my site by their Twitch id or add more fields in their profiles. I think that’s a right aproach. But I’m not sure should I even store tokens in my database? I don’t see any good use of them yet.