I’m trying to sign an EBS JWT, and send a PubSub message to all viewers on a channel that has my Extension. When I call Twitch’s API to send the PubSub message, I get back “403 JWT Could not be verified”, so I know I must be signing it wrong.
I’m using .NET Core (aka: dotnet core), but I have to admit, I’ve never had to build and sign JWTs before, so there’s likely an issue w/ my code (below) or maybe I’m using the wrong encryption algorithm (HS256):
```csharp
private string generateEbsJwt(string channelId)
{
    var claims = new[]
    {
        new Claim("channel_id", channelId),
        new Claim("user_id", channelId),
        new Claim("role", "external"),
        new Claim("pubsub_perms", JsonConvert.SerializeObject(new { send = new[] { "broadcast" } })),
    };
    string twitchExtensionSecret = _configuration.GetValue<string>("TwitchExtSecret");
    var token = new JwtSecurityToken
    (
        claims: claims,
        expires: DateTime.UtcNow.AddHours(10),
        signingCredentials: new SigningCredentials(
            new SymmetricSecurityKey(Convert.FromBase64String(twitchExtensionSecret)),
            SecurityAlgorithms.HmacSha256)
    );
    var jwtHandler = new JwtSecurityTokenHandler();
    var signedToken = jwtHandler.WriteToken(token);
    return signedToken;
}
```
The “TwitchExtSecret” value that I’m reading from configuration is the Secret I obtained from the dev.twitch.tv console for my extension, as-is without changing it.
So that value feeds into
```csharp
new SymmetricSecurityKey(Convert.FromBase64String(twitchExtensionSecret))
```
where it’s considered a base 64 string and that line of code converts it to a byte[]. Am I doing that wrong?
Also, this is how I’m sending the actual request to Twitch, including adding the Bearer token as an Authorization header:
```csharp
var authorizationHeader = generateEbsJwt(channelId);
var request = new HttpRequestMessage(HttpMethod.Post, $"https://api.twitch.tv/extensions/message/{channelId}");
request.Content = new StringContent(sendMessageContent);
request.Content.Headers.ContentType = new System.Net.Http.Headers.MediaTypeHeaderValue("application/json");
request.Headers.Add("Authorization", "Bearer " + authorizationHeader);
request.Headers.Add("Client-Id", _configuration.GetValue<string>("TwitchExtClientId"));
var response = await httpClient.SendAsync(request);
```
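Added example, not part of the original post: a standard-library Python check that can be run against any token a signer emits, to see what actually went on the wire. It verifies the HS256 signature under the base64-decoded secret and reports the JSON type of `pubsub_perms`. It assumes Twitch's documented EBS JWT shape (a base64-encoded shared secret, `pubsub_perms` as a JSON object); the secret, channel id and helper names are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url_decode(text):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(payload, key):
    """Build a compact HS256 JWT over `payload` using the raw key bytes `key`."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, payload)]
    signing_input = ".".join(parts)
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)

def inspect_token(token, secret_b64):
    """Return a list of problems found in the token; an empty list means none."""
    problems = []
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        json.loads(b64url_decode(head_b64))
        payload = json.loads(b64url_decode(body_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:
        return ["token is not three base64url JSON segments"]
    # Assumption: the verifier keys the HMAC with the base64-DECODED secret.
    key = base64.b64decode(secret_b64)
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        problems.append("signature does not verify under the decoded secret")
    # Assumption: pubsub_perms must be a JSON object, not a string holding JSON.
    perms = payload.get("pubsub_perms")
    if not isinstance(perms, dict):
        problems.append(f"pubsub_perms is {type(perms).__name__}, not an object")
    return problems

# Constructed sample values, not a real secret or channel.
SECRET_B64 = base64.b64encode(b"constructed-demo-secret-32-bytes").decode()
KEY = base64.b64decode(SECRET_B64)
CLAIMS = {"channel_id": "12345", "user_id": "12345", "role": "external",
          "exp": 1700000000, "pubsub_perms": {"send": ["broadcast"]}}
GOOD = sign_hs256(CLAIMS, KEY)                     # object claim, decoded key
STRING_PERMS = sign_hs256(                         # claim serialized to a string first
    {**CLAIMS, "pubsub_perms": json.dumps(CLAIMS["pubsub_perms"])}, KEY)
RAW_KEY = sign_hs256(CLAIMS, SECRET_B64.encode())  # secret text used as key, undecoded
```

Pasting a token produced by another library into `inspect_token` together with the extension secret shows whether the key derivation and the claim shape match these assumptions.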