That is how oAuth works.
however
This flow returns a user access token, and a refresh token.
as per Getting OAuth Access Tokens | Twitch Developers
{
"access_token": "<user access token>",
"refresh_token": "<refresh token>",
"expires_in": <number of seconds until the token expires>,
"scope": ["<your previously listed scope(s)>"],
"token_type": "bearer"
}
When your bot starts, if the access token is invalid you can use the refresh token to get a new access token
Then if the refresh token is sitll good you do not need to use the webpage/sign in stuff.
As you then use the refresh token to get a new access token and away you go (this may then return a new refresh token to store)
So in theory you only need to “seed” your bot with an access and refresh token ONCE and it will keep going until the refresh token is no longer usable.
Which shouldn’t happen, except as noted:
- weird fun edge cases
- you delinked yoru clientID from the bot user account
- you reset the password on the bot user account
Security reasons!
And to Twitch, a bot isn’t a bot, it’s just a user account thats has chat messages run from a script. Just like a third party chat client.