The error ConnectionError: could not establish signal connection: invalid token with

go-jose/go-jose: error in cryptographic primitive

indicates an authentication failure during token verification. This typically happens due to one or more of the following: • Incorrect API key or API secret: Ensure your API key and secret match exactly what is configured in your LiveKit server—watch for hidden characters or trailing spaces. • Secret encoding issues: Special or non-ASCII characters in the API secret may cause cryptographic errors. Make sure your secret is properly encoded using the recommended method (

new TextEncoder().encode(secret)

). • Token structure or algorithm mismatch: Tokens must be signed using the

HS256

algorithm and include all required claims (especially

exp

,

iss

, and

identity

for room access). • Token expiration: Ensure the

exp

claim is valid and the system clocks on your server and client are synchronized. Troubleshooting steps: 1. Regenerate your JWT token server-side, ensuring the API key/secret and token claims are correct. 2. Decode your JWT token to verify it has

exp

(expiration),

iss

(issuer matching your API key), and any required video grants. 3. If possible, use the

TokenVerifier

utility from the SDK to test your token before attempting to connect. 4. Double-check your token is not expired and the correct algorithm/key is used throughout the process. If you can share your token generation code (with secrets redacted), I can help review for potential issues. Let me know if you need detailed steps for any of these or if the problem persists after checking these points. Sources: packages/livekit-server-sdk/src/AccessToken.ts | spec/livekit/token_verifier_spec.rb | Authentication | LiveKit Docs | errors.go | lib/src/core/signal_client.dart | src/room/Room.ts | livekit-api/src/test_token.txt | Web and mobile frontends | LiveKit Docs