Handling expired ssoTokenPayload when calling Twilio Functions from Flex Plugin
We have implemented a Twilio Flex plugin, basically allowing each user to supply some additional information (in a form) when they complete a task. Thus plugin has to fetch some task-related data prior to showing that form.
We use a Twilio Function for that, protecting it with Token Validator as described here. The plugin code (that invokes this function) looks like this:
export const getCallDuration = async (callSid, token) => {
const response = await axios.post(FUNCTION_URL, {
WorkspaceSid: WORKSPACE_SID,
CallSid: callSid,
Token: token,
});
return response.data.callInfo.duration;
};
// and here's the usage part:
const callDuration = await getCallDuration(
task.attributes.call_sid,
flexState.session.ssoTokenPayload.token,
);
... where flexState is basically a prop of the plugin component, and its value is set to manager.store.getState().flex when plugin is initialized.
Now, that works smoothly most of the time. The problem is, we start regularly receiving "Access Token has expired or expiration date is invalid" error closer to the end of the working day - as users tend to leave their browsers open for several hours, and not reauthenticate.
While Twilio Flex does know the session state:
... it seems to essentially do nothing about it, allowing the plugin to use an expired token.
The bigger concern is that the docs don't seem to mention any way to update that ssoTokenPayload manually whenever a token is expired. All the relevant parts seem to be about something different, not applicable to Flex.
I've done some search here at SO, and the closest one seems to be this thread which describes the same error, but for a different use case. AccessManager library, mentioned there, doesn't seem to be an option because it was essentially deprecated:
The AccessManager was used until mid 2016 then removed (and Conversations were deprecated). The AccessManager was useful when there was a long lived Video client, now you just call connect with a fresh token each time you want to join a room.
What's our options in this case?
It seems* that Twilio Flex 2.x attempts to renew its access token automatically. The good thing about it is that all the intricacies of the process are hidden from a developer, who shouldn't even care about AccessManager now.
The not-so-obvious thing, however, is that the process, it seems, causes a typical Redux Store update - which doesn't make much sense to me, as token update should not trigger re-render... but anyway. So, if you're not careful about what you pass in props, your component will end up working with stale data.
The most straightforward way out seems to be using "shortcut" to get access token, mentioned in this issue. In our case, we started passing manager as a component prop, to be used like this:
const callDuration = await getCallDuration(
task.attributes.call_sid,
manager.user.token,
);
This alternative to manager.store.getState().flex.session.ssoTokenPayload.token doesn't seem to be documented, but it seems* to be fair to assume it will stay active.
*It would have been great to be able to replace all the "it seems" in this post with direct links to Twilio Flex documentation. At the very least, "shortcut" of manager.user.token deserves to be mentioned in this part of Twilio Function usage guide.
- Twilio.Device.connect() not sending body to Express
- Data truncated for column?
- Is the statement in Twilio support docs that a US number cannot be easily identified as mobile number incorrect?
- Receive Text Message (SMS) in a .net API
- Unable to create account in Sendgrid. Getting, You are not authorized to access SendGrid, please contact
- How to handle my sms statuscallback in twilio using .net mvc?
- How to receive SMS to a twilio number
- Twilio: Is it possible to disable incoming text messages?
- Access value of json object in twilio studio flow
- How to mock the Twilio library in Laravel
- How can I use Twilio node with TypeScript?
- Twilio Dialogflow cx one-click-integration fails with unspecified error, worked before
- What is the Twilio's request body sent to the Customer Profile status callback URL?
- Twilio: Is there a way to export all opt outs?
- How to check Twilio blocked number list
- Twilio doesn't send verification codes for Caller ID to non-US numbers
- Twilio - can't detect that incoming call stopped calling
- Twilio voice api
- Typescript: this expression is not constructable when trying to import a class
- How to get call details Error and Warnings from API
- Can Twilio Be Set Up to Send Verification Codes on Demand?
- twilio sip registraion - BE node, FE react native (Twilio Register SIP Endpoint)
- Twilio <Client> and <SIP> with <Enqueue> and <Queue>: BLF Not Glowing on Yealink T31 When Call is Parked
- Subject Not Set in Emails Using @sendgrid/mail with Express Backend
- How to Set Up a Webhook for WhatsApp Template Status Updates?
- Play a menu to a participant in a conference
- Twilio - Push notifications fail in serverless production deployment
- Twilio Request URL Endpoint Returns json, but Twilio Says it Is Wrong Content-Type?
- Set webhook for incoming messages on Twilio-Whatsapp phone number
- Add AMD to Twilio dial.number?