Am I missing something? Does everybody hardcode their extension secret into their EBS?
OK alternatively, if I would like the EBS to use the get-extension-secret endpoint, I need a secret to sign the JWT. It’s like a chicken-and-egg problem. How do I retrieve my ext secret if I need the secret to sign the JWT?