That works if instead of using their site your use your own site.
Then the user copy/pastes the token from your ClientID site to the app.
You shouldn’t rely on someone elses clientID, since if it dies/removed/revoked poof goes all your tokens.
In this example, you’d have to provide a new token every 60 days since it can’t be refreshed.
That in theory is a security issue, since it’s essentially a “password” so if someone obtains it thats difficult to revoke. Even more so if it’s a “forver” token like what I think you are proposing here. And you would have no idea who else could be using that token, which would reduce the rate limit that could be able availble to your app, and if the same token is in use from multiple IP’s that looks like a security issue. (If Twitch audits and goes “somethings awry”)
It shouldn’t prompt every hour…
A “normal” user token is good for 4 hours and you can refresh it automatically (but that needs the client secret which can’t be in a desktop app).
An implict user token is good for 60 days (generally) but can’t be auto remade.