Symptoms:
A Vivox SDK call requiring a Vivox Access Token failed with status code 20121 "Access Token Expired".
Implementations which don't use the Unity Authentication Service (UAS) for authorization require Vivox Access Tokens for calls such as signing in the user, joining a channel, enabling transcription, muting or unmuting participants for everyone, and kicking participants from a channel.
Cause:
There are three primary causes for a VxAccessTokenExpired (20121) error:
- The token expiration value has been set incorrectly when creating the access token. It's best practice to set the expiration to a fixed number of whole seconds past the current time. In production, we recommend creating access tokens with a 90 second expiration. See the Resolution section below for examples of code used to calculate the expiration time.
- The code to set the expiration time is programmed correctly, but the device clock on the machine generating the token is significantly ahead or behind the server time (after adjusting for timezone).
- The token is generated correctly, but is being used (or reused) after the expiration time. It is best practice to only vend tokens when you are ready to use them. Using (or reusing) a token after the expiration time will result in this error.
- Be aware that intentionally pausing code execution during development—for instance, by setting a breakpoint in the debugger—can cause tokens to expire before use if the application is paused long enough between token creation and use in an SDK request.
Note: When processing secure requests, Vivox first checks whether the access token is expired before checking if the token has been used previously. This means that using a token which meets both conditions (previously used and past expiration) will fail with a status of VxAccessTokenExpired (20121) rather than VxAccessTokenAlreadyUsed (20120).
Resolution:
In production, Vivox Access Tokens should always be generated from a central game server or secure token vending service at the request of individual game clients, not generated on the end user device itself. This both increases security and minimizes the risk of token expiration issues. Client generated tokens should only be used for debugging during development. Ensure the device generating Vivox Access Tokens has its clock set correctly.
Use code similar to the following examples to generate tokens which expire 90 seconds past the current time:
-
Unity:
TimeSpan.FromSeconds(90) -
Unreal:
FTimespan::FromSeconds(90) -
Core:
time(0L) + 90
Note: Token expiration time must be an integer. Using a float value for the expiration time will result in an error.