Not understanding token expirations

Legacy Client ID’s (ie older client IDs) or the clientID from the third party TMI token generator for example.

Can generate tokens that have no expiration, this will likely change at some point

ClientID’s are public no need to hide those

Your UserID is also public, no need to hide those either.