Access token life time for incoming calls

[EugeneBasalyga]

Pre-submission Checklist

• I have verified that the issue occurs with the latest release and is not marked as a known issue in the CHANGELOG.md.
• I reviewed the Common Issues and open GitHub issues and verified that this report represents a potentially new issue.
• I am not sharing any Personally Identifiable Information (PII)
  or sensitive account information (API keys, credentials, etc.) when reporting this issue.

Description

Hi, could you please explain how registering access tokens works for incoming calls.
On my backend for testing purposes i have set up access token life time for 1 minute (ttl: 60).

  getToken({identity, platform}) {
    const {
      AccessToken,
      AccessToken: {VoiceGrant},
    } = jwt;

    const accessToken = new AccessToken(
      this.accountSid,
      this.apiKeySid,
      this.apiKeySecret,
      {
        identity,
        ttl: 60,
      },
    );

    const voiceGrant = new VoiceGrant({
      outgoingApplicationSid: this.voiceOutgoingTwimlAppSid,
      incomingAllow: true,
      ...(platform !== undefined && {
        pushCredentialSid: platform === PLATFORM.IOS ? this.twilioApnPushCredentialSid : this.twilioFcmPushCredentialSid,
      }),
    });

    accessToken.addGrant(voiceGrant);

    return accessToken.toJwt();
  }

Then on mobile side registering this token.
await voice.register(token);

When using such token after a minute for outgoing call it will be automatically disconnected.
But for incoming calls it works even after an hour. Could you please clarify how exactly access tokens expiration works for incoming calls? What happens with previous tokens if i register a new one? What happens with previous tokens if i unregister the latest one?

[bobiechen-twilio]

Hi @EugeneBasalyga

Thanks for reaching out.

The situation is slightly different for outbound and incoming calls and I will explain in details, but the most important idea is that the expiration should be available (not before and not after) when calling the connect(), register() and unregister() methods.

For making outbound calls using the connect() method, the active call will continue to work even when the token had expired during the call.

The expiry duration does not affect how long the mobile client can receive incoming calls. Twilio React Native Voice SDK uses push notifications as the means of delivering incoming call notifications, and will only stop sending notifications when the app calls the unregister() method. That being said, this binding still has a default 1-year expiry - we will remove bindings that do not receive any incoming call push notifications after a year.

We use the combination of Twilio Account SID, the client identity and the device push token as the unique identifier of a mobile client instance. Registering on the same device/app will result in the same push binding, just refreshed with the date. Unregistering will remove the binding for this app instance, assuming the Account SID and push device token are the same.

When using such token after a minute for outgoing call it will be automatically disconnected.

Are you able to use a short-lived access token and make another call? We will need to check the Twilio Call SID if this is the behavior you are observing.

[EugeneBasalyga]

Hi @bobiechen-twilio just curious then why is it necessary to pass twilio access token to unregister method?