There are a number of things that could make a opaqueID change.
As to a lib like fingerprintJS, not sure off hand if Twitch Extension Review would accept of deny an extension including it.
Generally speaking an opaqueID should be sufficent.
Also worth noting that users banned/timedout on a channel can’t see extensions at all.
And mobile you won’t get anything unless they open the extension in the mobile app