Access Token Claims Mismatch

Unity Services
,
1

I’m currently developing vivox chatting service ‘without’ authentication package(server provided token) with vivox version 1.15.160001, and our service had been working fine for 2 months, until we found out that vivox had stopped functioning for us since June 8.

We tried everything, upgrading vivox to lastest 1.15.18000, enabling test mode, changing token key and migrating from vivox dashboard to unity-vivox dashboard, but none of them worked.
Instead we are keep getting below error whenever client tries to execute BeginLogin and EndLogin:

Error: Access Token Claims Mismatch (20123)
[Vivox]: Unable to initialize Vivox. If you are not using Unity Game Services and Authentication Service, set your credentials manually by using the Services > Vivox > Configure menu.$System.Collections.Generic.KeyNotFoundException: There is no component IEnvironmentId registered. Are you missing a package?
[Vivox]: Test Mode is enabled or you are not using the Authentication package but a Vivox Key couldn’t be retrieved - please ensure that a project is properly linked in Edit > Project Settings > Services > Vivox and that the “Test Mode” checkbox is checked

I HAVE set credentials(take a look at below image), and I am wondering wht am I keep getting ‘no credential’ warnings. is there anything I’m missing?
By the way, there is no problem with the token provided from the server.(I think)

// token used:
TOKEN REDACTED FOR SECURITY PURPOSES

code that I used:

private void OnVivoxLogin(string token)
{
_account = new Account(“/Local Player Display Name/”);

_loginSession = Client.GetLoginSession(_account);
_loginSession.SetTransmissionMode(TransmissionMode.All);
_loginSession.PropertyChanged += On_loginSessionPropertyChanged;
_loginSession.BeginLogin(token, SubscriptionMode.Accept, null, null, null, ar =>
{
try
{
_loginSession.EndLogin(ar);
}
catch (Exception e)
{
_loginSession.PropertyChanged -= On_loginSessionPropertyChanged;
}
});
}

IMAGE REDACTED FOR SECURITY PURPOSES

2

Hi, @keokim0808 , two things:

The latest Vivox package is 15.1.180001-pre.1, which was just released a few days ago. Please make sure you are on that version. Please let me know if you still experience the issue on that version.

Dylan

3

@keokim0808 I’m going to start a conversation with you to get some more information that I don’t want posted publicly.

4

Sorry for the confusion, I am using latest vivox package with version 15.1.180001-pre.1, but still experiencing the issue.
Just wanted to make sure, Authentication package is not required if the one uses authentication via server provided VAT tokens, right?

async void Awake()
{
await UnityServices.InitializeAsync();
// await AuthenticationService.Instance.SignInAnonymouslyAsync();
VivoxService.Instance.Initialize();
}

This is the code that I am using for initializing vivox, almost the same with the codes provided in the docs (https://docs.vivox.com/v5/general/unity/15_1_180000/en-us/Default.htm#Unity/vivox-unity-first-steps.htm%3FTocPath%3DVivox%2520Unity%2520SDK%2520documentation|_____1),
with this line removed:
await AuthenticationService.Instance.SignInAnonymouslyAsync();

Is there possibly any problem with this code?

5

We are experiencing the same problem and are similarly;

  1. using server-generated tokens
  2. Not using the unity authentication package
6

As I mentioned in our DM, I’ve tried your credentials from the Vivox Developer Portal and the Unity Dashboard and both are working correctly for me in the Chat Channel Sample. I’ve even tried generating my own login VAT and passing it to the BeginLogin method. I am not getting the error. I’m trying some other tests.

Yes, that is correct. The Authentication package is not needed if you are generating your own Vivox Access Tokens.

No, it looks fine.

7

We have also been trying to update to the Vivox service and are encountering problems. Login seems to work the same as before, but we are having problems with server-generated join tokens. We do not get an error, however. We just go from a Connecting state to a Disconnected state with no feedback. Joining a channel works fine using the unsecure tokens from the client. I have submitted a support request.

1 Like
8

Hello @SimuSkippy , please let me know your:

  • Unity Editor version
  • Vivox SDK version
  • What backend you are using (mtu1xp, mt1s, etc.)

For visibility, I already have a support ticket going with @SamStilesOO , which is why I have not asked details from them.

9

I have tries two more things:

  1. Updated Unity version from 2021.2.16f to 2021.3.4f, which did not work.
  2. Created new vivox chat sample project → modified login method so that it takes token value provided by my own game server → the same token value mismatch exception is thrown, so I assume the problem is nothing related to my unity editor version or project settings?

And now I noticed these logs:
[Vivox]: Unable to initialize Vivox. If you are not using Unity Game Services and Authentication Service, set your credentials manually by using the Services > Vivox > Configure menu.$System.Collections.Generic.KeyNotFoundException: There is no component IEnvironmentId registered.
[Vivox]: Test Mode is enabled or you are not using the Authentication package - we will generate Vivox Access Tokens locally using your Vivox Key but this should only be used for testing.
[Vivox]: Test Mode is enabled or you are not using the Authentication package but a Vivox Key couldn’t be retrieved - please ensure that a project is properly linked in Edit > Project Settings > Services > Vivox and that the “Test Mode” checkbox is checked

The first warning message is getting my nerves. Even though my unity project link is properly set on Services > Vivox, the message is keep telling me I have not set credentials. I followed the stack trace and found the line causing this problem.
Library\PackageCache\com.unity.services.vivox@…\Runtime\Package\VivoxPackageInitializer.cs : line 36

vivoxService.SetAuthenticationComponents(registry.GetServiceComponent(), registry.GetServiceComponent(), registry.GetServiceComponent());
registry.GetServiceComponent() is throwing exception.
I have no idea what is causing this line to throw exception, and I tried setting domain, issuer and server address manually with SetCredentials method, but no progress.

From what I remember, I did not get these warnings two weeks ago, when my code worked just fine. So I’m guessing fixing things up from this warning is a way to go… Any ideas regarding this warnings?

1 Like
10

Hi,

We were just about to make a new thread, but I happened to see this one and I think we’re having a similar issue with a solution (which we want to clarify why this works suddenly).

Apologies in advance for polluting your thread if this is unrelated in hindsight.

A little bit of background info can be found here: Vivox can't join channel TLDR: we were having issues that we couldn’t connect to Vivox, but that was fixed at Unity’s side thankfully. So to prevent this in the future (hopefully), we started on implementing server side tokens (before we received the first response from Unity).

Which, after some trial and error, we got working (yay!). Note that we’re currently using 15.1.170000-pre.1, and didn’t upgrade or whatsoever in the meantime.

Until about a week ago (we don’t have an exact date), it stopped working. We couldn’t login anymore due to the same error: Access Token Claims Mismatch (20123)

“But you said you had a solution?” Yes, yes we did! But hold on to your horses.

Here is a recreated piece of code, for sake of clarity, to illustrate the differences and hopefully it still makes sense without context.

This worked until about a week ago:

string accountName = GetAccountNameFromUserInput();
string loginToken = GetTokenFromSecureServer(accountName);

var account = new Account(accountName);
var loginSession = VivoxService.Instance.Client.GetLoginSession(account);

loginSession.BeginLogin(loginToken, ...)

This made it work (again):

string accountName = GetAccountNameFromUserInput();

var account = new Account(accountName);
string loginToken = GetTokenFromSecureServer(account.Name);

var loginSession = VivoxService.Instance.Client.GetLoginSession(account);

loginSession.BeginLogin(loginToken, ...)

So the only change is that before, we used the account name (from user input) to create the token. Afterwards, we first created the Account object, and used it’s name (account.Name) to generate the token.

So, happy that this seems to fix it (for us at least), but we’d like some confirmation that this also won’t break in a couple of weeks? Why did our previous code work (for some time), and suddenly it didn’t?

The only thing we can think of that is worth mentioning (no idea if it’s related in any way), is that we received a message (a week and a half ago give or take) from Unity that last monday a Maintenance Update was performed on multiple of our Vivox domains.

So maybe something was changed that broke our old logic? We have no clue, but without input (of Unity/Vivox) we’re not confident to push this change out to our users (apps).

Thanks in advance

1 Like
11

Our code worked the same way as your first sample (& as reflected in the docs) – using the account name string rather than account.Name after Account creation – but your interim fix doesn’t fix it for our case, it seems.

string accountName = "FooBarBaz";

var account = new Account(accountName);

m_vivoxLoginSession = VivoxService.Instance.Client.GetLoginSession(account);

m_vivoxLoginSession.PropertyChanged += _onLoginSessionStateChange;

var loginAccessTokenFromServer = GetVivoxLoginAccessTokenFromServer(account.Name);

m_vivoxLoginSession.BeginLogin(loginAccessTokenFromServer, SubscriptionMode.Accept, null, null, null, ar =>
{
    try
    {
        m_vivoxLoginSession.EndLogin(ar);
    }
    catch (Exception e)
    {
        VivoxLog.LogErrorFormat("An exception occurred attempting to log in to vivix: {0}", e.Message);
        VivoxLog.LogException(e);
        return;
    }
});

12

Thanks for your response. That’s sorry to hear. Hopefully @dylan_unity3d can chime in and shed some more light on the issue?

Edit: we’re using Unity 2020.2.6f1, should that matter in any way

13

Thank you for your response!
However this solution did not work out for me either.
This is really strange beacause everything was functioning correctly two weeks before, but now, with no code change it doesn’t anymore…

14

Same for us - I’m fairly certain this will have been a (intentional or not) breaking change on the backend of vivox that caused this, just waiting on the Unity team to investigate and confirm and advise next steps.

15
  1. I have repro’d in 2021.3.4f1 and 2019.4.39f1
  2. 15.1.180001-pre.1
  3. mtu1xp
2 Likes
16

Hello everyone,

Unity was closed on Friday and Monday. I am coming up to speed on these posts.

For Engineering’s clarity:
@keokim0808 mt1s and mtu1xp
@SamStilesOO mt1s
@SimuSkippy mtu1xp
@developerarreterra mtu1xp

Please let me know if those domains are not correct.

Dylan

1 Like
17

Correct for mine

18

After working with @SamStilesOO , yes this appears to be the part that was confusing everyone. The VAT requires the account name, not the account display name. I’ll submit a documentation ticket to add some clarifying text about it for our Vivox Unity SDK. This will work for anyone who is trying to use mtu1xp as the backend.

I think our original intention was for users to use the Account.ToString() method rather than calling Name or DisplayName. This ToString method will return sip:.issuer.username.@domain.vivox.com. As you can see this already has the sip:, issuer, username, and domain included. In general, that’s easier than building the entire thing yourself.

19

Until recently, the mtu1xp token approval settings were set to a more permissive mode due to that environment and the Vivox Unity package and service being in beta mode. This allowed certain VATs to be allowed with claims mismatches, so long as the issuer and key were correct. As preparation to move out of beta mode, these settings were set to a more restrictive level. This caused those tokens for mtu1xp with mismatches to be flagged and refused. This caused what looked like an issue for mt1s since SamStilesOO was unintentionally connecting to mtu1xp.

20

For the situation SamStilesOO was having, he needed to add some additional code that let the Vivox Unity SDK know to ignore the credentials being pulled from the Unity Dashboard after being linked to a Unity Project. Usually once you are linked to the a Unity Dashboard project, you are using those credentials, but as we still have numerous customers using the Vivox Developer Portal, I can see this is a possibility. I’ll submit a documentation ticket to add the following information to make sure those customers have visibility on what to do.

If, and only if:

  • you have linked your Unity project to the Unity Dashboard
  • you are NOT using mtu1xp

you must add the following to your code:

var options = new InitializationOptions();
options.SetVivoxCredentials(VIVOX_SERVER, VIVOX_DOMAIN, VIVOX_ISSUER);
await UnityServices.InitializeAsync(options);

where VIVOX_SERVER, VIVOX_DOMAIN, VIVOX_ISSUER are the values for your application on the Vivox Developer Portal.