Problem with JWT Signing


I am having a little problem with getting JWT verified and I am not sure what it is I am doing wrong.

I am using the Java version of JWT ( GitHub - auth0/java-jwt: Java implementation of JSON Web Token (JWT) )

My backend code is as follows

Algorithm algorithm = Algorithm.HMAC256(Base64.getDecoder().decode("the EBS Secret"));
String token = JWT.create()
        .withClaim("pubsub_perms": nestedClaim)
    .withClaim("exp", new Date(System.currentTimeMillis() + 60000))
    .withClaim("user_id", channelID) // chanelID is in string format not int
	.withClaim("token", "external")

example: payload data from above:

  "role": "external",
  "user_id": "11111111",
  "exp": 1509880,
  "pubsub_perms": {
"send": [
"listen": [
  "channel_id": "111111111111"

I then PUT to twitch api: example PUT:
PUT /extensions/extensionid/0.0.1/oauth_receipt?channel_id=channelid HTTP/1.1
accept: application/vnd.twitchtv.v5+json
content-type: application/json
client-id: extensionid
authorization: Bearer token_generated_from_above
content-length: 0

endpoint responds with {“error”:“Unauthorized”,“status”:401,“message”:“authentication failed”}

Your payload is wrong for this request.


            $payload = array(
                'exp' => time() + 60,
                'user_id' => '15185913',
                'role' => 'external',

Is the correct payload.

  • exp - Time in seconds (and add a bit)
  • user_id - the UserID of the person who OWNS the extension, as a string
  • role - external is the only value
1 Like