Send the JWT to your EBS/Server then
For public data use an app access token against the API using the userID extracted from the JWT
If you need the viewers email address. Ask for it with a text field.
You don’t neccassrilly need to access/use their twitch registered email. And users would often prefer to give you (the extension) a different email to the one linked to their Twitch.
Then you don’t need to worry so much about oAuth schnanigans