Am I missing something? Does everybody hardcode their extension secret into their EBS?
OK alternatively, if I would like the EBS to use the get-extension-secret endpoint, I need a secret to sign the JWT. It’s like a chicken-and-egg problem. How do I retrieve my ext secret if I need the secret to sign the JWT?
Resolved. My confusion resulted from the misunderstanding of who hosts the EBS. I incorrectly thought Twitch+Amazon hosted for me. I, the extension developer, will host the EBS and therefore I can use the extension secret however I see fit (environment variable, etc.)