Toss the opaque id. opaque means not transparent. Unable to look through. Just like Steel. No X-Ray.
onAuthorized gives you access to ChannelID and Twitch-Users ID for the extension instance (the running extension within the viewers browser).
If you need the name, let the game client (or server) look it up using it’s bearer token against helix’ users endpoint
And don’t forget about rule #1: NEVER trust a client.
If you want to make sure that the incoming connection to your server actually is the use, who it claims to be, pass the JWT you got via “token” from onAuthorized to it and validate it on server side:
This is enogh information given to anyone who really WANTS to understand it.
You are repeatedly asking the same questions that get answered again and again. It looks like you’re not really investing time into reading and trying suggestions and docs.
I am not a WebDev, too and I’m unfamiliar with Javascript. I used to work with C# so JS is like my biggest enemy (except c++). But I invested a few hours of reading and testing - and the basics you need for this are definitively learnable for anyone who has a absic understanding of coding.
Try it hard. It will work.