[SOLVED] JWT authentication and verify


I’m trying to use JWT authentication in my extension. So, at FrontEnd I sent next query:

    const userInformation = {
      getInfo: createRequest('GET', 'info')
    function createRequest (type, method) {
      return {
        method: type,
        url: location.protocol + '//localhost:8000/drmad/' + method,
    function setAuth (request, token) {
      Object.keys(request).forEach((req) => {
        twitch.rig.log('Setting auth headers');
        request[req].headers = { 'Authorization': 'Bearer ' + token };
    twitch.onAuthorized(function (auth) {
      token = auth.token;
      setAuth(userInformation, token);
      axios(utilsRequests).then(res => console.log(res))

That token I got from twitch.onAuthorized function
In EBS I tried to verify that token by my secret that I got from here:

So, using Python, I got that code:

token = request.META.get('HTTP_AUTHORIZATION', '')[len("Bearer "):]
my_secret = base64.b64decode(settings.DRMAD_SECRET)
jwt.decode(token, my_secret, algorithms=['HS256'])

But when I’m trying to decode my token, I get an error:
jwt.exceptions.InvalidSignatureError: Signature verification failed
I also tried to check my token and secret on jwt.io site. But I got an answer that it has “Invalid Signature”
What can I do wrong? Thanks for helping

My jwt.io checking:

Assuming that the header was set correctly in Frontend, which looks correct
And your copy nad pasted the secret correcty.
and having checked token contains what it’s supposed to contain on the backedn
I don’t see any obviously wrong here.

So it looks like inbound requests to your python didn’t extract the token correctly?
Does token in python contain what it’s supposed to contain?
And debug your outbound request to check it’s what you expect

Yes, In EBS I see that my token looks like in FrontEnd. And I tried copy/paste token from FrontEnd to jwt.io, but with no results
Can it be connected with using twitch developer-rig program and starting FrontEnd from that program?

Perhaps the developer rig might have an outdated/wrong secret you can try the following, one or more of the following in this order

  • Hit Refresh Manifest
  • Recreate the Views
  • Remove the project from the rig and add it again. (Don’t make a new extension, just remove and readd it to the rig)
1 Like

Yes, after closing and opening project again program asked me about my secret key. I put it in program and everything is great. Thanks!

Also make sure your rig is up to date, current version is v1.2.14

1 Like