Step 1 of User oAuth requires you to manually grant access between the bot account and the ClientID via a web browser.
Once you have done this, you can then use the refresh_token to automate getting a new token.
As long as the refresh_token remains valid, you can use it to get a new access token, you may get a new refresh token returned when you refresh.
Thats just for “quick start”/testing and you really shouldn’t use it in production, it generates a non refreshable Implict Access Token, which is no good for bots to auto remain connected
A Client Credentials token, as linked, doesn’t represent a user, so cannot do user actions, such as login to chat to read/write.
Night will have autothorised NightBot to NightBot’s application, once via a browser, then night will use nightbot’s refresh token to regenerate an Access Token as needed.
And then if the refresh token dies, Night will reauthorise the account manually.
So, TLDR
- Do Getting OAuth Access Tokens | Twitch Developers once to get an initial token and a refresh token, via a Web browser and oAuth loop you control
- Then refresh as needed Authentication | Twitch Developers
A bots token is only checked when the bot starts/re/connects to chat, so you’ll only need to refresh when (re)connecting to Twitch, (and the bot can use a client_creds total internally for uptime checks etc)