Access Tokens Are Invalid. Why?

Following the documentation and example at https://www.twilio.com/docs/iam/access-tokens for video access resulted in the error message Invalid Access Token in the browser. This is unexpected because I basically copy and pasted the code from the example. My backend code is below.

const token = new AccessToken(
  accountSid,
  twilioApiKey,
  twilioApiSecret
);
token.addGrant(new VideoGrant({
  room: roomResponse['unique_name']
}));

let tokenString = token.toJwt();

Am I missing something critical? Thanks for your help in advance.

Tagged:

Answers

  • Your token is missing an identity for your user. The identity is described like this in the documentation:

    The identity of the first person. Typically a username in your system. Voice tokens may only contain alpha-numeric and underscore characters.

    You can either set it in the constructor:

    const token = new AccessToken(
      accountSid,
      twilioApiKey,
      twilioApiSecret,
      { identity: "triplrrr" }
    );
    

    Or by setting it on the token object:

    token.identity = "triplrrr";
    
  • Could you please clarify what you mean by a 'username in [my] system'? I only have my own account, so I'm unsure of what that means. I tried putting the email associated with my account into the identity field, but it failed anyway.

  • You're original example was creating a Video access token. The access token authenticates a user, identified by the identity field in the token, with the Twilio Video service. An identity can only join a Room once, for example. If you try to join a Room with two users using the same identity the first one will get kicked out when the second joins.

    So, identities should uniquely identify users that are joining Video rooms. Since the users are joining from an application that you are building, and often those users will be signed in to your service, it follows that using their username in your service as the identifier for Twilio would make them both recognisable and unique. If you do not have users in your system and your Video rooms are open for anyone to join, you should still ask for or generate an identity for them.

    I think identities should be alphanumeric and not contain an @ symbol, so an email address is not a good choice for an identity, but I'm not 100% sure on that. Could you try an identity using just letters/numbers? If that doesn't work, can you explain a bit more about your code and the full error you are receiving?

Sign In or Register to comment.