As you’re using onAuthorized, it looks like you’re attempting to do this on the client side? You can’t create tokens client side as that would mean exposing your secret which would be a huge security breach.
Yes, I am. Thank you very much.
You should only be creating tokens on your EBS, and the user_id in the JWT isn’t “the userId from before”, it’s the id of the extension owner.
I am the extension owner, shouldn’t the id from before be the same one, in this case in particular at least?
Even if it wouldn’t work for other cases
Edit: Does the API know the message coming from the front end?
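The point made in the quoted replies, as an added example that is not part of the original thread: the token is signed on the EBS with a secret that never leaves the server, and `user_id` carries the extension owner's id. Assumptions: this is the Twitch Extensions setup that `onAuthorized` and "EBS" point to, the secret is stored base64-encoded, and tokens made by the EBS carry `role: "external"`; the function names and sample values are constructed.

```javascript
// Added example: runs on the EBS (server side) only, never in the extension front end.
const crypto = require('crypto');

// Constructed sample values; real ones come from server-side configuration.
const SAMPLE_SECRET_B64 = Buffer.from('constructed-demo-secret-not-real').toString('base64');
const SAMPLE_OWNER_ID = '12345678'; // hypothetical extension owner id

const b64url = (data) => Buffer.from(data).toString('base64url');

// HMAC-SHA256 over "header.payload" with the base64-decoded shared secret (assumption).
function hmac(secretB64, signingInput) {
  return crypto.createHmac('sha256', Buffer.from(secretB64, 'base64'))
    .update(signingInput).digest();
}

// Sign an HS256 JWT whose user_id is the extension owner's id.
function signEbsToken(secretB64, ownerId, ttlSeconds = 60, now = Date.now()) {
  const header = { alg: 'HS256', typ: 'JWT' };
  const payload = {
    exp: Math.floor(now / 1000) + ttlSeconds, // short lifetime limits replay
    user_id: ownerId,                         // extension owner, not the viewer
    role: 'external',                         // assumed role claim for EBS-made tokens
  };
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  return `${input}.${b64url(hmac(secretB64, input))}`;
}

// Verify signature, algorithm and expiry; returns the payload, or null on any failure.
function verifyToken(token, secretB64, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  const expected = hmac(secretB64, `${h}.${p}`);
  const given = Buffer.from(s, 'base64url');
  // Constant-time comparison; the length check avoids timingSafeEqual throwing.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  if (header.alg !== 'HS256') return null;
  const payload = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  if (typeof payload.exp !== 'number' || payload.exp * 1000 <= now) return null;
  return payload;
}
```

Anything shipped to the front end is readable by every viewer, so a secret placed there lets anyone produce tokens that pass `verifyToken`.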