So twitch is not enforcing the use of jwts ? It’s fully up to the dev to make their own extension secure ?
I would like to avoid a situation where I will build the entire system and then twitch would complain about me not using their validation method or something.