PubSub JWT Token signing not working on Developer Rig

Hi! I’m trying to send a message to PubSub using the Developer Rig at the moment.

I’ve been using the Send Extension PubSub Message scheme along with the signed JWT. But still have a 403

Status Code: 403
Body:  {
  error: 'Forbidden',
  status: 403,
  message: 'Error (403): JWT could not be verified'

This is the token created

    const signedPayload = {
        "exp": Math.floor(new Date().getTime() / 1000) + 4,
        "user_id": payload.user_id,
        "role": "external",
        "channel_id": payload.channel_id,
        "pubsub_perms": {
            "send": [

    const token = jsonwebtoken.sign(signedPayload, secret);

Where payload.user_id and payload.channel_id are the correct values for the channel I’d like to send the data.

Using the https.request, and passing the options

    const options = {
        hostname: '',
        path: '/helix/extensions/pubsub',
        method: 'POST',
        headers: {
            'Authorization': `Bearer ${token}`,
            'Client-Id': clientId,
            'Content-Type': 'application/json',

Also clientId is the Client ID of the extension, is this correct?

I’ve already checked that the secret is exactly the same as in the Extension Client Configuration. Generated another and retried but it’s not working either.

What’s not working on the process? Thanks!

So you are trying to sign/create a JWT in front end code instead a view in the rig?
Which is a security risk since you leak your Extension secret to the world.

It looks like you didn’t base64decode the secret before passing it to jsonwebtoken.sign

1 Like

I’m creating it in the backend service that’s running with the Developer Rig, is this ok?

I’ve just checked and yeah, needed to base64decode the secret! Now it’s working, getting a 204 code!


Then it’s irrevelant that it’s “running with the dev rig” so all good. (the phrase threw a spanner)

Ok! cool. Thanks again :smile: