From b0bc6471786a491259e957ea4a8b351295bc5410 Mon Sep 17 00:00:00 2001
From: "Zed A. Shaw" <zed.shaw@gmail.com>
Date: Mon, 1 Jun 2026 15:28:42 -0400
Subject: [PATCH] Mention no trailing slash on the localhost Oauth2 redirect.

---
 README.md | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index fb06e16..4bdff25 100644
--- a/README.md
+++ b/README.md
@@ -90,7 +90,7 @@ provisioning thing:
    you do `--user-token` here since you need the Oauth2 authentication even though you said in [the
 console](https://dev.twitch.tv/docs/cli/) that your application is Confidential.
 4. The `twitch` command will then open a browser for you to approve your bot using Oauth2.
-5. After you approve it your browser will redirect back to http://localhost:3000/ and the `twitch`
+5. After you approve it your browser will redirect back to http://localhost:3000 (NO TRAILING SLASH!) and the `twitch`
    command will handle the Oauth2 result.
 6. It will then output your `ClientSecret` and `RefreshToken` for the `secret.json` file used in
    this bot's configuration.  __DO NOT COMMIT THIS TO GIT__.
@@ -134,10 +134,11 @@ wait and it will wait then say that.
 
 ## TODO
 
-1. Hot reloading would be nice.
-2. Controlling the bot from the chat, which would require
-3. Authenticating the owner?  Or just knowing it's you.
-4. Productionizing how it's run, as in making it run as a server.
+1. Automated key refresh.
+2. Hot reloading would be nice.
+3. Controlling the bot from the chat, which would require
+4. Authenticating the owner?  Or just knowing it's you.
+5. Productionizing how it's run, as in making it run as a server.
 
 ## Conspiracy Theory