Thanks, I’ve swapped in your code and installed the JWT NuGet library (also added a “pubsub_perms” Claim, and changed the “role” Claim to “external” per the docs for pubsub)…
But I’m still getting back the same HTTP response from Twitch:
{“error”:“Forbidden”,“status”:403,“message”:“Error (403): JWT could not be verified”}
I don’t get what I could be doing wrong… 
I am using the same Extension Secret value in my EBS to validate incoming Extension viewer JWT’s on other endpoints… so I don’t think that could be the problem. I may try generating a new Secret anyway