Normally, you would ask permission from the broadcaster once, then store the keys in a database.
Then use the keys in the database until those keys (and the refresh token dies)
You can gate access to your site however you want. but yes if you are using Twitch Auth, to log a user into yoru site to then use that site to view the moderators, then you’ll probably need to go thru the oAuth flow. With force_verify off you won’t get a accept dialog (but stil need to run thru the flow)
So it really depends here what you are actually doing with would allow us to suggest what to do.
TLDR: if your site uses Twitch to login to the site, then you’ll need to authenticate/oAuth whenever the session is no longer valid.