By this I meant validating the jwt from the extension level so I wouldn’t have to store the secret in the extension itself.