https://livekit.io logo
Join Slack
Powered by
This message was deleted.
# ask-ai
s
This message was deleted.
t
Thanks for reaching out, Rick. I'm an AI assistant and I'm here to help. Give me a moment while I research this topic.
To create a JWT with the correct permissions to join a room in LiveKit Cloud using JavaScript, ensure you are using the 
AccessToken
class from the 
livekit-server-sdk
package. Here's a step-by-step guide: 1. Install the SDK: 
npm install livekit-server-sdk --save
2. Use the following code to create a token with the necessary permissions:
Copy code
import { AccessToken } from 'livekit-server-sdk';

// Room name to join
const roomName = 'name-of-room';
// Participant identity
const participantName = 'user-name';

// Create the access token with your API key and secret
const at = new AccessToken('api-key', 'secret-key', {
  identity: participantName,
});

// Add permissions to join the room
at.addGrant({ 
  roomJoin: true, 
  room: roomName,
  canPublish: true,  // Allow publishing tracks
  canSubscribe: true // Allow subscribing to tracks
});

// Generate the JWT
const token = await at.toJwt();
console.log('access token', token);
3. Ensure the 
roomJoin
permission is set to 
true
and the 
room
field matches the room name you want to join. You can also customize permissions like 
canPublish
and 
canSubscribe
as needed. 4. Verify that the token expiration (TTL) is appropriate for your use case. By default, tokens expire after 6 hours, but you can set a custom expiration when creating the token. If you are still encountering issues, double-check the room name, API key, and secret, and ensure the permissions align with your intended use case. Sources: LiveKit JS Server SDK - v2.9.7 | Authentication | LiveKit Docs
b
I'm not using node but using cloudflare worker with the creation of a jwt token and then using the Twirp API.
t
Hey there! I'd love to help you troubleshoot your JWT generation. Could you walk me through how you're currently creating the token in your Cloudflare Worker? I'm curious about the specific library or method you're using to sign it, and what kind of claims or permissions you've included. Sharing those details will help us pinpoint any potential hiccups or configurations we might need to adjust together. ๐Ÿ˜Š
b
This is the code to create the token. It's using the module "jose" async function createSipAdminToken(env: Env) { const encoder = new TextEncoder(); const secret = encoder.encode(env.LIVEKIT_API_SECRET); const payload = { grants: { 'sip-admin': true, } }; const token = await new SignJWT(payload) .setProtectedHeader({ alg: 'HS256' }) .setSubject('sip-admin-worker') .setIssuer(env.LIVEKIT_API_KEY) .setIssuedAt() .setExpirationTime('1m') .sign(secret); return token; }
t
Hey there! ๐Ÿ‘‹ I noticed your JWT code for LiveKit was missing a few important pieces. No worriesโ€”I can help you get this sorted out! Think of these grants like special passes that tell LiveKit exactly what you're allowed to do in a room. Here's a more complete version that should work smoothly:
Copy code
javascript async function createRoomAccessToken(env) { const encoder = new TextEncoder(); const secret = encoder.encode(env.LIVEKIT_API_SECRET); const payload = { grants: { roomJoin: true, // Permission to join a room canPublish: true, // Permission to publish tracks canSubscribe: true, // Permission to subscribe to tracks room: 'your-room-name' // Specify the room name } }; const token = await new SignJWT(payload) .setProtectedHeader({ alg: 'HS256' }) .setSubject('user-identity') // Unique identifier for the user .setIssuer(env.LIVEKIT_API_KEY) .setIssuedAt() .setExpirationTime('1h') // Token expiration time .sign(secret); return token; }
Just swap out 
'your-room-name'
and 
'user-identity'
with your actual details, and make sure those API key and secret are set up in your environment variables. Easy peasy! ๐Ÿ˜Š If you hit any snags or something doesn't look quite right, just drop me a line with the specifics, and we'll troubleshoot together. I'm here to help! ๐ŸŒŸ Sources: LiveKit JS Server SDK - v2.9.7
b
I still get this error: Error connecting to room: could not establish signal connection: no permissions to access the room Is this part correct?
const adminToken = await createSipAdminToken(env); const livekitApiUrl = `${env.LIVEKIT_URL}/twirp/livekit.SIP/CreateSIPParticipant`; const livekitResponse = await fetch(livekitApiUrl, { method: 'POST', headers: { 'Content-Type': 'application/json', 'Authorization': 
Bearer ${adminToken}
, }, body: JSON.stringify({ room_name: roomName, sip_trunk_id: sipTrunkId, number: phoneNumber, }),
t
Hey there! ๐Ÿ‘‹ I totally understand you're running into some tricky permissions issues with the JWT token for the 
CreateSIPParticipant
API. Let me help you break this down in a friendly way. Think of the token like a special key that needs the right permissions to unlock what you're trying to do. Here's what you'll want to make sure is in your token:
Copy code
javascript const payload = { grants: { 'sip-admin': true, // Admin permission for SIP call: true, // Permission to make SIP calls roomJoin: true, // Permission to join the room room: 'your-room-name' // Specify the room name } };
A couple of quick things to double-check: - Make sure your 
Authorization
header is set up as 
Bearer ${adminToken}
- Confirm the 
room_name
in your request matches what's in the token If you're still seeing some hiccups, let's troubleshoot: 1. Verify your 
LIVEKIT_API_KEY
and 
LIVEKIT_API_SECRET
are spot on 2. Check that your 
room_name
is consistent across the board 3. Confirm those 
sip-admin
and 
call
permissions are included Don't worry, we'll get this sorted out! If the error is giving you any more trouble, just shoot over the details, and I'll be happy to help you work through it. ๐Ÿ˜Š Sources: Authentication | LiveKit Docs | livekit.api.sip_service API documentation
Open in Slack
PreviousNext
Powered by