I think you need to use the user_id of the extension owner (your own one, as string). Also did you base64 decode the secret you get from the extension page? For me authentication only worked after decoding it and signing using the decoded key, though I am not using node.js so I can’t help you on how to do that, check the readme of your jwt library.