User Auth on your Extension
Introduction
To properly verify who the user is, you will receive a JWT from the client.
What is a JWT?
A JWT (JSON Web Token) is a long string of characters that contains information that verifies who a user is.
It is signed, so it can only be modified by someone who knows the Client Secret of the Extension receiving the JWT.
How do I decode the JWT?
It is quite simple to receive and verify a JWT.
Always use a server to verify the JWT and send the decoded data back to the client; never store secret keys in the client.
Client Code Example
// Called in your client to ask your server to verify the JWT
import axios from 'axios';

// `jwt` is read from the enclosing scope: the token string your Extension received
const GetJWTInformation = async () => {
  try {
    const decodeResponse = await axios.post(`${process.env.REACT_APP_SERVER_URL}/jwt/decode`, { token: jwt });
    console.log("Decoded JWT:", decodeResponse.data); // Full JWT information
    console.log(decodeResponse.data.chatrpg_id); // ChatRPG ID
    console.log(decodeResponse.data.streamer_id); // Streamer ID
    console.log(decodeResponse.data.twitch_id); // Twitch ID
  } catch (decodeError) {
    console.error('Error decoding token:', decodeError);
  }
};
Server Code Example
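const express = require('express');
const jwt = require('jsonwebtoken');
const router = express.Router();

// Endpoint to decode JWT and return user data - uses Client Secret to decode JWT
// Assumes the app mounts this router at /jwt/decode (the path the client calls) and uses express.json()
router.post('/', (req, res) => {
  const { token } = req.body; // The token itself should be sent in the request body
  try {
    // Verify the JWT using your Client Secret; only HS256 is accepted
    const decoded = jwt.verify(token, process.env.CHATRPG_SECRET, { algorithms: ['HS256'] });
    return res.status(200).json(decoded); // If successful, return the decoded token
  } catch (error) {
    return res.status(401).send('Invalid token');
  }
});

module.exports = router;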
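
To show what the `jwt.verify` call above is checking, here is an added example (not ChatRPG's code) that verifies an HS256 token using only Node's built-in `crypto` module. The secret and claim values are constructed, `signHS256` and `verifyHS256` are hypothetical helper names, and it checks only the algorithm and signature, not expiry, so keep using `jwt.verify` on your server.

```javascript
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (secret, input) => crypto.createHmac('sha256', secret).update(input).digest();

// Build an HS256 token (only used here to produce constructed test tokens).
function signHS256(claims, secret) {
  const input = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${b64url(hmac(secret, input))}`;
}

// Return the claims if `token` is an HS256 JWT signed with `secret`, otherwise null.
function verifyHS256(token, secret) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  } catch {
    return null; // header or payload is not valid JSON
  }
  // Pin the algorithm on the server; the token's header must not choose it.
  if (header?.alg !== 'HS256') return null;
  const expected = hmac(secret, `${h}.${p}`);
  const given = Buffer.from(s, 'base64url');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  return claims;
}

// Constructed sample values, not real ChatRPG data.
const SECRET = 'constructed-client-secret';
const CLAIMS = { chatrpg_id: 'c-1', streamer_id: 's-1', twitch_id: 't-1' };
const goodToken = signHS256(CLAIMS, SECRET);

// Same header and signature, but the payload was edited after signing.
const [hdr, , sig] = goodToken.split('.');
const editedToken = `${hdr}.${b64url(JSON.stringify({ ...CLAIMS, twitch_id: 't-2' }))}.${sig}`;
// Header declares an algorithm other than the pinned one, with an empty signature.
const wrongAlgToken = `${b64url(JSON.stringify({ alg: 'none' }))}.${b64url(JSON.stringify(CLAIMS))}.`;

console.log(verifyHS256(goodToken, SECRET));           // the claims object
console.log(verifyHS256(editedToken, SECRET));         // null
console.log(verifyHS256(wrongAlgToken, SECRET));       // null
console.log(verifyHS256(goodToken, 'another-secret')); // null
```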
What do I get from the JWT?
After you successfully decode the JWT and send the result to the client, you'll receive:
chatrpg_id: string
streamer_id: string
twitch_id: string