Don’t use your Twitch Secret here.
The Hub.Secret can be anything you want it to be, but it should not be the Secret for this ClientID. The secret is for you to use to test the payload to be valid from Twitch, so you can use any random string, but it shouldn’t be your Twitch Secret.
Secret used to sign notification payloads. The
X-Hub-Signatureheader is generated bysha256(secret, notification_bytes). We strongly encourage you to use this, so your application can verify that notifications are genuine.
It’s basically the same thing as “state” in oAuth loops.
As to your actual problem no idea, are you sure the endpoint, in hub.callback is correct? And if you are setting http it’s not dropping/failing when it force upgrades to https? Try the same code not using firebase if you can.