Unable to verify signature of user JWT token

We recently had to revoke and recreate our client secrets, and despite double-checking that the new values are correct, all attempts to validate incoming JWT tokens from the front end extension fail despite no code having been changed.

Is there a recommended path to investigate further? We also experienced a weird issue in that our owning Twitch account no longer existed as far as the API was concerned, though we seemed to have resolved that by logging into the account on twitch.tv.

First thing to check is to ensure you’re using the correct secret. The Extension Settings page has 2 secrets.

  1. In the section Twitch API Client Configuration which relates to the OAuth process and is not used to verify JWTs.
  2. Another secret is in the Extension Client Configuration, which is the secret used to verify JWTs so make sure it’s this secret you’re attempting to use.

Also if you’re trying to use the Extension DevRig, make sure you use the update manifest button as that’ll sync the rig with whatever is the current Extension settings.

That sounds like the account may have been deactivated, as those users aren’t returned in API requests such as Get Users, and when logging in it reactivated the account so once again would show in the API. I don’t believe this should impact the issue you’re currently experiencing though.
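
An added diagnostic for the secret check described in the reply above (not part of the original thread and not Twitch's own code): it reports which configured secret, and in which form, actually verifies an HS256 token's signature. The secret values and the token are constructed samples, and treating the extension secret as base64-encoded is an assumption of this example.

```python
import base64
import hashlib
import hmac
import json


def b64url_decode(segment):
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def sign_hs256(payload, key):  # builds the constructed sample token below
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(payload).encode())
    mac = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(mac)}"


def key_forms(secret):
    """Yield the secret as a literal string and, if valid, base64-decoded."""
    forms = [("raw string", secret.encode())]
    try:
        forms.append(("base64-decoded", base64.b64decode(secret, validate=True)))
    except ValueError:  # binascii.Error: not valid base64, skip that form
        pass
    return forms


def which_secret_verifies(token, candidates):
    """Return 'label (form)' for every candidate key whose HMAC matches."""
    header_b64, body_b64, sig_b64 = token.split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg in header; refusing to verify")
    signing_input = f"{header_b64}.{body_b64}".encode()
    signature = b64url_decode(sig_b64)
    return [f"{label} ({form})"
            for label, secret in candidates.items()
            for form, key in key_forms(secret)
            if hmac.compare_digest(
                hmac.new(key, signing_input, hashlib.sha256).digest(), signature)]


# Constructed sample values, not real credentials (base64 form is assumed).
EXTENSION_SECRET = base64.b64encode(b"constructed-extension-secret-001").decode()
API_CLIENT_SECRET = "constructedapiclientsecret0000"
TOKEN = sign_hs256({"role": "viewer"}, base64.b64decode(EXTENSION_SECRET))
```

An empty result means none of the supplied secrets signed the token, which points at a stale or mis-copied value. The function checks the signature only, not `exp` or other claims, so it is a way to find the right secret rather than a token validator.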