Universal APN Credential Marked Invalid
Closed this issue ยท 18 comments
Description
We have created a universal (production + development) APN certificate for our VoIP application and made corresponding Twilio Push Credentials (one sandboxed for development and one not).
When trying to place a call with sandboxed credentials on two debug instances of the application the recipient's phone does not receive the call. We are also getting a Twilio Error - 52134 "Invalid APNs device token" in the Twilio console for these calls.
Steps to Reproduce
-
Build the caller's application in debug on iOS simulator
-
Build the call recipient's application in debug on a physical device
-
When both applications are logged in they receive an Access Token from our server and it's been granted sandbox push credentials
-
Place a call from the simulator to the physical device
We have had success calling from the simulator before, just as long as the recipient application is not running in simulator (since it cannot receive push notifications).
Expected Behavior
Recipient's phone to receive a push notification and begin ringing
Actual Behavior
Caller's phone rings until timeout and recipient never receives call
Reproduces How Often
This happens on every call attempt with these development builds, but we've had successful calls in our recent TestFlight builds for physical devices (which use the non-sandboxed push credential).
Voice iOS SDK
2.0.0-beta13 via CocoaPods
Xcode
Both 8.2.1 and 9.1.0 during testing
iOS Version
10.2 and 11.0
iOS Device
Physical iPhone 7 Plus
Simulated iPhone 7 Plus and iPhone 7
Hi @lassandroan
Thanks for reporting the issue with the template.
Could you provide us the Twilio Account SID and Push Credential SID for the sandbox environment via email? (you know where to find it) Please tag the email with this issue and remember not post any of your credentials here. I'll take a look and check with the Twilio Notify service team to see if there is anything wrong with the VoIP certificate and the (sandbox) push credential SID, and then get back to you here.
Quick question - on the device that you were not getting push notifications for incoming call invites, are both development and production VoIP environments being used, i.e. the same device and same identity used for testing development and production versions of the app? During our dev process we sometimes see the device not getting the notification after installing (from HockeyApp) the release version app and registered. If I then restart the app and register again, I am able to get the notification. Luckily this won't be happening to app end users.
Anyway, we'll take a look at the credentials and get back to you soon.
Thanks.
bobie
Thanks @bchen-twilio, just sent over the email!
We did have a TestFlight build as well as an Xcode debug build on the physical device. However, when testing out the calls the Xcode debug build was logged in with a different account than the TestFlight build.
We also logged out from both app builds just to be sure and were verifying identity using the Twilio Access Token that the debug app was receiving
Thanks for providing us the creds. I'll do what the SDK team can do to dig up more info why the notification delivery failed. Unfortunately most of the Twilio Notify service team members are in Central Europe timezone, which is already their time off but I'll still reach out to them since only they have the permission to query the service DB.
As for using different accounts for debug and release versions, as long as the Push Credential SID belongs to the Account SID (this should check out during registration, otherwise you should get a failure) and the Push Credential SID is generated from the VoIP certificate for the application bundle ID.
Hi @lassandroan
Sorry for my delay of responding back to you.
We've run your Twilio Account SID and the Push Credential SID (ending with a3af) - based on the description of the certificate, it's actually the certificate for a regular APNS.
For the best integration experience, we would recommend that Voice SDK users create their VoIP Service certificate using a fresh CSR (certificate signing request) file. We've seen similar issue reported by other SDK users because the same CSR file was used to create a regular APNS cert.
Let me know if this helps.
Thanks.
-bobie
Hey @bchen-twilio, sorry about the late response
Swapping out for the VoIP certificate fixed our calling issue, thank you!
That's great @lassandroan!
@bchen-twilio I'm facing the same issue. I already have a VoIP Certificate and my SandBox is checked.
On Development it works great. I already created a new CSR and all.
Sorry that you are experiencing the issue.
Could you send your Twilio account SID and (sandbox) Push Credential SID to my email? it'd be better if you can also send me the call SID that you were seeing push notification delivery failure.
Don't post any of your credentials here ;)
Thanks.
-bobie
I've run your credentials and basically things look good to me - the Push Credentials does have sandbox signature in it and the call push notification (of the Call SID you provided) was also delivered successfully.
I did see some errors under your account that indicate push notification delivery failure with a Push Credential SID (ending with fa1a). The SID also has the sandbox option checked. Is it possible that you are using this push credential SID in your production app?
@bchen-twilio When I found this thread I redid the push certificates / credentials just to be sure I was doing everything right. So, both credentials you're seeing are VoIP certificate keys with sandbox signatures. Not sure what to look for anymore..
Also, not related to this issue but if you could help me on another issue Im having regarding twilio-voice. Here
Also, in logs I have the following:
Make sure you do not modify the device token before providing it to Twilio. If using a command line tool make sure to url-encode the token.
I'm not sure what this means at all
Let's clarify this - the Push Credential SID works for your in development but not working in the production app?
As for the problem you are seeing in the SO thread - you need to prefix client: in your callerId, otherwise the Twilio Programmable Voice will treat it as a number and dialpad-translates it. Hope this helps.
Yes! It works on development!
Aside:
You were right about the client thing, but now on callKit in iOS it shows 'client:Jose'? Shouldn't it take care of it? Even if I trim the client: string on my app call screen, it will always show 'client:Jose' on calls history.
Thank you!
I think what gets displayed in the system call screen is actually decided when you report the incoming call to CallKit, so you should be able to retrieve what's behind the client: prefix and display to the user.
As for the credential SID - I know this can be confusing but when your app is going production, you will need to create another Push Credential SID
- with the same VoIP cert for this app (bundle ID)
- only this time don't check the sandbox option
This way the Twilio Notify service knows to send the push notification to the Apple's production APNS service endpoint and then the notification will be delivered to the mobile clients.
@bchen-twilio Alright, thank you very much. I can't test right now but I will tomorrow morning.
I confirm creating a new credential (without the sandbox option) with the same VoIP certificate solved my problem!
That is great! @RUIFERNANDE5
Please feel free to contact us if you run into any problem in the future.
Hi, @bchen-twilio I'm facing the same issue. I have tried your solution to create VoIP certificate using fresh CSR it's not working for me.
I will send you Twilio account SID and (sandbox) Push Credential SID to your email.
can you please check it and help me to solve out this issue.
Thanks.