Huh, I missed those bullet points the first few times through, thanks.
It sounds like this isn’t going to change, so I’ll plan to switch to issuing a self-signed JWT with the access_token as a (edit: hashed) claim instead of having users carry their own Twitch-issued OIDC tokens as authorization passes with our services (unless this sounds dumb to you, and you feel kind enough to point out why).
For my own curiosity: is there some reason or spec that explains why 1) OIDC tokens are so short lived and 2) they cannot be refreshed? (I’m definitely not trying to start any arguments or anything, but here’s Eugenio Pace, founder & CEO of Auth0 claiming that–at least, in 2014–access_tokens and id_tokens are logically equivalent, and suggests the exact flow I was trying to accomplish here as a valid flow: https://stackoverflow.com/a/25695820/10453923 .) If this is incorrect, or outdated info, I’m curious as to why. Thanks in advance!
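A sketch of the approach described in the post above: a service-signed JWT that carries only a hash of the access_token. This is an added example, not code from the poster or from Twitch. It assumes HS256 with a key held only by the service, and the claim name `at_sha256` and the function names are hypothetical.

```python
import base64, hashlib, hmac, json, time

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def token_hash(access_token: str) -> str:
    # Only this digest is embedded; the access token itself never enters the JWT.
    return b64u(hashlib.sha256(access_token.encode()).digest())

def issue(key: bytes, user_id: str, access_token: str, ttl=3600, now=None) -> str:
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": user_id, "iat": now, "exp": now + ttl,
              "at_sha256": token_hash(access_token)}  # hypothetical claim name
    signing_input = ".".join(
        b64u(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64u(sig)

def verify(key: bytes, token: str, access_token: str, now=None):
    """Return the claims if the pass is valid for this access token, else None."""
    now = int(time.time()) if now is None else now
    try:
        h, c, s = token.split(".")
        expected = hmac.new(key, f"{h}.{c}".encode(), hashlib.sha256).digest()
        # Check the signature before trusting anything in the header or claims.
        if not hmac.compare_digest(expected, b64u_dec(s)):
            return None
        header, claims = json.loads(b64u_dec(h)), json.loads(b64u_dec(c))
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return None
    # Pin the algorithm instead of letting the token choose it.
    if header.get("alg") != "HS256" or claims["exp"] <= now:
        return None
    # Bind the pass to the presented access token, compared in constant time.
    if not hmac.compare_digest(claims["at_sha256"], token_hash(access_token)):
        return None
    return claims
```

A matching hash only shows that the caller holds the same access token the pass was issued for; whether Twitch still accepts that token is a separate check.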