Your token was from TwitchApps as you said. And that is an ancient ClientID which has “forever” tokens. It’s not “normal” for Access Tokens to last forever.
This is NOT NORMAL behaviour. And at some point old ClientID’s will likely lose “forever” tokens. Also another reason to not use someone elses token generator.
And as you noted “Tokens don’t last forever” in the authentication documentation:
The time isn’t documented as it could change, so the following should be used to determine expiration:
The expiration time is returned from two places:
- from the validate endpoint
- in the payload when you exchange a code for a token when doing code auth
So for an implicit token, you dont’ get the expiration time back when generated so you’d have to call validate to get time remaining
You’ll also find that Implict (and app access) tokens, are around 60 days and not exactly 60 days (could be 59 or 61)
So durations not covered as Twitch could decide tomorrow that regular tokens are valid for 6 hours and since developers get the time back on token gen, or can validate to get time left, no one would notice if the time was changed.
And if your Helix call 403’s (I forget off hand if it’s a 403) due to a bad token, you can just regenerate the token and try again.