Thank you for the reply.
My system currently works like this:
I get the JWT from the onAuthorized callback when the extension loads and then I’m sending it to the EBS.
The EBS then checks if the JWT is valid and assigns the user a unique token, which it then sends back and which has to be present in every message from the extension to the EBS afterwards.
The tokens assigned by my EBS are valid for 30 minutes.
After the token expires the EBS asks the extension for a new JWT.
If it’s delivered, the cycle repeats; if not, the communication ends.
My main concern is if Twitch will complain about a solution like that? I’m especially not sure since I’m using a WebSocket and most people seem to be using HTTP.
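
Added example, not part of the original post and not the poster's code: a minimal Node.js sketch of the EBS side of the flow described above (verify the JWT, issue a 30-minute session token, check it on each message). It assumes the extension JWT is HS256-signed with the base64-decoded extension shared secret and carries `exp` and `opaque_user_id`; the function names, the in-memory `Map` and the `signSample` helper are hypothetical, and the WebSocket transport is left out.

```javascript
const crypto = require('node:crypto');

const SESSION_TTL_MS = 30 * 60 * 1000; // 30-minute lifetime, as in the post
const sessions = new Map();            // session token -> { userId, expiresAt }

// Verify an HS256 JWT against the base64 shared secret; returns payload or null.
function verifyJwt(token, secretB64, nowMs = Date.now()) {
  const [h, p, sig, extra] = String(token).split('.');
  if (!h || !p || !sig || extra !== undefined) return null;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString());
    payload = JSON.parse(Buffer.from(p, 'base64url').toString());
  } catch { return null; }
  // Pin the algorithm so "none" or an unexpected alg is never accepted.
  if (!header || header.alg !== 'HS256' || !payload) return null;
  const key = Buffer.from(secretB64, 'base64');
  const expected = crypto.createHmac('sha256', key).update(`${h}.${p}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  if (typeof payload.exp !== 'number' || payload.exp * 1000 <= nowMs) return null;
  return payload;
}

// Exchange a valid JWT for an unguessable session token bound to the user.
function issueSession(jwt, secretB64, nowMs = Date.now()) {
  const payload = verifyJwt(jwt, secretB64, nowMs);
  if (!payload) return null;
  const token = crypto.randomBytes(32).toString('base64url');
  sessions.set(token, { userId: payload.opaque_user_id, expiresAt: nowMs + SESSION_TTL_MS });
  return token;
}

// Per-message check: 'expired' is the cue to ask the extension for a fresh JWT.
function checkSession(token, nowMs = Date.now()) {
  const s = sessions.get(token);
  if (!s) return 'unknown';
  if (nowMs >= s.expiresAt) { sessions.delete(token); return 'expired'; }
  return 'ok';
}

// Constructed helper: signs a sample JWT so the flow can be exercised offline.
function signSample(payload, secretB64) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const h = enc({ alg: 'HS256', typ: 'JWT' });
  const p = enc(payload);
  const key = Buffer.from(secretB64, 'base64');
  return `${h}.${p}.${crypto.createHmac('sha256', key).update(`${h}.${p}`).digest('base64url')}`;
}
```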