Your frontend should send the JWT from onAuthorized to your server with every request.
You can then validate the JWT by using your Extension Client Secret. This allows you to be sure that all the information in the JWT, such as the user ID if they’ve shared their identity, or any other info, is all legitimate and not modified, as only you and Twitch know the Extension Client Secret so no one else can sign a JWT that’d pass validation.
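The server-side check described above, as an added example that is not part of the original post: a Node.js verifier that pins HS256, uses the base64-decoded extension secret as the HMAC key, and rejects modified or expired tokens. The function names, the demo secret and the sample claims are constructed for illustration; `signDemoToken` is a hypothetical stand-in for Twitch so the code runs offline.

```javascript
const crypto = require('crypto');

// Constructed sample secret. Twitch shows the real one base64-encoded in the
// developer console; the HMAC key is the decoded bytes, not the base64 text.
const DEMO_SECRET_B64 = Buffer.from('constructed-demo-secret').toString('base64');

const b64url = (v) => Buffer.from(v).toString('base64url');
const fromB64url = (s) => Buffer.from(s, 'base64url');

// Hypothetical helper standing in for Twitch so the demo runs offline.
function signDemoToken(claims, secretB64, alg = 'HS256') {
  const head = b64url(JSON.stringify({ alg, typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const key = Buffer.from(secretB64, 'base64');
  const sig = crypto.createHmac('sha256', key).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(sig)}`;
}

// Returns the claims only if signature and expiry check out; throws otherwise.
function verifyExtensionJwt(token, secretB64, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;

  let header;
  try { header = JSON.parse(fromB64url(head).toString('utf8')); }
  catch { throw new Error('malformed header'); }
  // Pin the algorithm server-side; never let the token pick it (e.g. "none").
  if (!header || header.alg !== 'HS256') throw new Error('unexpected alg');

  const key = Buffer.from(secretB64, 'base64');
  const expected = crypto.createHmac('sha256', key).update(`${head}.${body}`).digest();
  const given = fromB64url(sig);
  // Length check first: timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }

  // Parse the payload only after the signature has been verified.
  const claims = JSON.parse(fromB64url(body).toString('utf8'));
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  return claims;
}
```

Treat any thrown error as an unauthenticated request, and take the user ID only from the returned claims, never from a separate request field.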