2

I am creating an access token using the NodeJS server code provided by twilio. When I validate the token in https://jwt.io with the secret, it says the signature is verified. But I keep getting the below error message in twilio voice quick start iOS App.

{"code":20107,"message":"Invalid Access Token signature"}

Here is my token generation code in Node.JS as provided by twilio. Could someone please guide me where I am going wrong.

const AccessToken = require('twilio').jwt.AccessToken;
const VoiceGrant = AccessToken.VoiceGrant;

// Used when generating any kind of tokens
const twilioAccountSid = 'ACxxxxxxxxxx';
const twilioApiKey = 'SKxxxxxxxxxx';
const twilioApiSecret = 'xxxxxxxxxxxx';

// Used specifically for creating Voice tokens
const outgoingApplicationSid = 'APxxxxxxxxxxxxx';
const identity = 'user';

// Create a "grant" which enables a client to use Voice as a given user
const voiceGrant = new VoiceGrant({
    outgoingApplicationSid: outgoingApplicationSid
});

// Create an access token which we will sign and return to the client,
// containing the grant we just created
const token = new AccessToken(twilioAccountSid, twilioApiKey, twilioApiSecret);
token.addGrant(voiceGrant);
token.identity = identity;

// Serialize the token to a JWT string
console.log(token.toJwt());

Edit: example of JWT access token created.

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImN0eSI6InR3aWxpby1mcGE7dj0xIn0.eyJqdGkiOiJTSzRkMjg2MWQ0YjQ4MDljZTNiNjUyOTRjNWMwZTFjNmI3LTE0OTk0Mjg4NDgiLCJncmFudHMiOnsiaWRlbnRpdHkiOiJ1c2VyIiwidm9pY2UiOnsib3V0Z29pbmciOnsiYXBwbGljYXRpb25fc2lkIjoiQVBiY2I5MDMwMDdhZTRmZjllZmMxNWYzY2VlODAzMzA4NSJ9fX0sImlhdCI6MTQ5OTQyODg0OCwiZXhwIjoxNDk5NDMyNDQ4LCJpc3MiOiJTSzRkMjg2MWQ0YjQ4MDljZTNiNjUyOTRjNWMwZTFjNmI3Iiwic3ViIjoiQUM5NTQ4ZDc5YTRjNzU5YzQwNzAxYThkMDExMWIzNDU0MyJ9.uw5PO3mYm1kdMyCageMMZG40_vU9z7czDrZj7h8N7_Y
kurrodu
  • 2,108
  • 4
  • 32
  • 49
  • Can you share (by editing your question) an example JWT access token that you are creating? Thanks – philnash Jul 10 '17 at 11:01
  • @philnash added an example JWT access token that I am creating. – kurrodu Jul 10 '17 at 12:18
  • I'm taking a guess, but can you ensure that you are using the API Secret that comes with your API Key when you create it. If you can't get the API Secret of the API Key you are using in this token, then you will need to create another pair and use those instead. You should not be using your account's Auth Token. – philnash Jul 10 '17 at 12:33
  • I am using the API Secret that comes with the API key. I am not using my account's auth token. – kurrodu Jul 10 '17 at 13:01
  • How are you getting the JWT into your app? And are you able to call the endpoint of your application with curl or a browser and see the JWT? – philnash Jul 10 '17 at 13:10
  • Using Postman or browser, I am able to call the endpoint and see the JWT. – kurrodu Jul 10 '17 at 23:29
  • The code you posted only `console.log`s the token so how does it get to your application? – philnash Jul 10 '17 at 23:45
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/148833/discussion-between-kurrodu-and-philnash). – kurrodu Jul 10 '17 at 23:48
  • How i will get outgoingApplicationSid – jitendra rajput Jul 17 '18 at 12:38

1 Answers1

3

Twilio developer evangelist here.

Whilst everything looks correct with your token, it turns out there was an incident recently to do with API key creation. So, your API key may be corrupt on Twilio's side.

The best thing to do is to go back to your Twilio console and create a new API key and secret and try those instead.

Let me know how that goes.

philnash
  • 70,667
  • 10
  • 60
  • 88
  • how i will get outgoingApplicationSid – jitendra rajput Jul 17 '18 at 12:38
  • You need to create a TwiML App. You can do so in the Twilio console here: https://www.twilio.com/console/phone-numbers/runtime/twiml-apps – philnash Jul 17 '18 at 22:55
  • Hello @philnash i am getting error JWT Token expired why? – Shubham Azad Jul 30 '18 at 09:21
  • Hello @ShubhamAzad, I don't know because that is not enough information. I recommend you either ask a question on Stack Overflow or get in touch with [Twilio help](https://www.twilio.com/help/contact) to find out what is going wrong. – philnash Jul 30 '18 at 22:47
  • Ok @philnash,My question link is https://stackoverflow.com/questions/51605909/twilio-jwt-token-expired – Shubham Azad Jul 31 '18 at 05:21