Nop, everything is done in the browser for this side!
It’s something like this : https://id.twitch.tv/oauth2/token?client_id=${TWITCH_CLIENT_ID}&client_secret=${TWITCH_CLIENT_SECRET}&code=${code}&grant_type=authorization_code&redirect_uri=${TWITCH_REDIRECT_URI}
Wohhh, what? wait! refresh_token is given as response to this request? So it’s at this step that we must store refresh_token to use it when access_token expires?
I’ve never understood that, either I must read more closely document or it’s not very explicit :')