How to securely use an oauth token in front-end ja

Posted 2019-08-08 08:35

Question:

I'm trying to connect to the Twitch IRC via this library called tmi.js, which requires a Twitch username and OAuth token to log in.

I can do this without much issue; I just hard-code:

identity: { username: 'newbot', password: 'oauth:123123' }

With this I can connect to Twitch chat channels and do whatever I need to do. However, anyone can just inspect the page, look at the JavaScript here and take my bot's OAuth token.

I tried looking up some ways to securely use this OAuth token but got pretty overwhelmed with the results.

My question is, how can I implement a refreshing token mechanism, where the token changes after a certain time period and the JavaScript app keeps refreshing it? Is this even the recommended approach?

I need some help in understanding how OAuth tokens should be handled so I can come up with a good solution for this simple problem (probably without a simple solution).
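
An added example, not part of the original post: a token delivered to the page is readable there however often it is rotated, so one common pattern keeps the bot identity on a server and lets the page call a narrow relay instead. The environment variable names, the `chatClient` interface (any object with `say(channel, text)`, such as a chat client created server-side) and the sample values are assumptions for illustration.

```javascript
// Added example. The env variable names and the chatClient interface
// (an object with say(channel, text)) are assumptions for illustration.

// Server only: build the identity from the environment, never from page source.
function loadIdentity(env) {
  const { TWITCH_BOT_USERNAME: username, TWITCH_OAUTH_TOKEN: password } = env;
  if (!username || !password) throw new Error('bot credentials not configured');
  return { username, password };
}

// Returns the handler for the parsed body of a POST from the page.
// The reply never includes the identity, only a status for the browser.
function createChatRelay({ chatClient, allowedChannels, maxLength = 300 }) {
  const allowed = new Set(allowedChannels.map((c) => c.toLowerCase()));
  return function handleSay(sessionUser, payload) {
    if (!sessionUser) return { status: 401, body: { error: 'login required' } };
    const channel = String(payload?.channel ?? '').toLowerCase();
    // IRC is line-based: collapse CR/LF so one request is one chat line.
    const text = String(payload?.text ?? '').replace(/[\r\n]+/g, ' ').trim();
    if (!allowed.has(channel)) return { status: 403, body: { error: 'channel not allowed' } };
    if (!text || text.length > maxLength) return { status: 400, body: { error: 'bad message' } };
    chatClient.say(channel, text);
    return { status: 200, body: { ok: true } };
  };
}

// Constructed sample: a stand-in client that records what it would send.
function demo() {
  const identity = loadIdentity({
    TWITCH_BOT_USERNAME: 'newbot',
    TWITCH_OAUTH_TOKEN: 'oauth:constructed-sample-token',
  });
  const sent = [];
  const chatClient = { identity, say: (channel, text) => sent.push({ channel, text }) };
  const handleSay = createChatRelay({ chatClient, allowedChannels: ['#mychannel'] });
  const replies = [
    handleSay('viewer42', { channel: '#MyChannel', text: 'hello\r\nchat' }),
    handleSay('viewer42', { channel: '#other', text: 'hi' }),
    handleSay(null, { channel: '#mychannel', text: 'hi' }),
  ];
  // `wire` is everything the browser would receive across the three calls.
  return { replies, sent, wire: JSON.stringify(replies), token: identity.password };
}

console.log(demo().wire);
```

The page then posts `{ channel, text }` to the relay under its own user session, and the server decides which channels and message sizes the bot will act on.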