Run Extension in Rig, JWT Signature Invalid

Hi, I"m very new to the Dev Rig, but not so new to JWTs. New to Golang, but am able to hack my way along. I’ve been trying to run the “animal fun facts” demo. Perhaps this isn’t even an “extension”?

When I run it in the Dev Rig extension, I do not see anything trying to hit the Golang backend. I fought for a while getting it configured properly, and now seem to be stuck on the JWT authentication part. I’m looking through the documentation here: specifically for the JWT parts.

To get the backend working I am running the Go code and hitting it with curl. I’m building my JWT on the official website, and then sending it via curl “Authorization: Bearer” style. The Go code complained a few times but eventually I put together a bearer token it was able to parse. But now I get “2018/10/27 18:38:30 signature is invalid” message. I am using the “client secret” in the JWT tool when I create my bearer token.

There’s some way to use the builder to verify the signature. What should I be using to get this signature correct?

Here is the JWT body that I’m trying to use:

  "exp": 1572233209,
  "role": "broadcaster",
  "pubsub_perms": {
    "listen": [
    "send": [
  "channel_id": "<my numeric user id>",
  "user_id": "<my numeric id>",
  "iat": 1540697209

I’ll answer my own post, that or delete it. There’s enough history to Twitch Apps & Extensions that the documentations is a big fragmented but I’ve since made lots of finds in the documentation. The result is that my question above is kind of unanswerable.

There are Apps & there are Extensions. Apps came first. They were built on the v5 API. The docs relevant to auth & JWTs is in there. There are 3 different types and the best way to get your head around them is to do the examples in curl.

I’m still not clear on the crossover of Apps & Extensions where it concerns authentication. The demos speak of client IDs and secrets, but there are two sets, one for Apps and one for Extensions. I don’t quite understand which set to use but I did use my App config for the curl examples linked above.

I’m focussed on developing the backend for a Video Overlay type extension, if there’s any pointers for that.

An extension has a ClientID and a Secret, which you can rotate.

Go To

  • Dashboard
  • Manage the Extension

On the right you will find the Client ID.

From here go to:

  • Settings
  • Secret Keys

Here you can obtain and cycle your Secret key to go with JWT auth.


  • Client Configuration

You can obtain and set the RedirectURL and Client Secret. Which are the “traditional” URL/Secret from using a “regular” App Client ID.

So Client Configuration has the Secret/Redirect you would use for Broadcaster (Extension Config) oAuth.

You don’t need an Extension AND an App, you only need an extension, (an extension is basically an App with extra features and you can’t change the ClientID “type”)

So to Build an App Access Token you need the Client ID from the right, and the Secret from Client Configuration

I hope that helps!

Thank you that helped confirm a couple of things for me and I’ve since made some API calls using curl. I think that once I put one up “live” and can view it in the sandbox (or my own channel) that will solidify things for me nicely.