20106: Invalid Access Token grants

Twilio accepted the Access Token's signature and issuer, but rejected the token because the grants claim was invalid, could not be parsed, or did not permit the requested operation.

• The token's grants claim did not include the product-specific grant required for the SDK or API being used (for example, Video requires a mandatory video grant).
• The grants object was malformed or used unrecognized fields, so Twilio could not parse it.
• A required field inside a product grant was missing or incorrect (for example, SyncGrant requires a serviceSid).
• A token generated for one product type was attempted in a different context (for example, a Verify Push Access Token used with client-side SDKs), which is not supported.

• Regenerate the Access Token server-side and ensure the grants claim includes at least one correct, product-specific grant for the capability you need; use Twilio server-side SDK helpers to construct grants and tokens.
• For Video, include a VideoGrant; to limit access to a single Room, set the room value within that grant (for example, using AccessToken.VideoGrant).
• For Sync, include a SyncGrant and provide the required serviceSid.
• If you're using Verify Push, create a product-specific Access Token using the Verify Access Token resource instead of reusing tokens from other products.

• Access Tokens
• User Identity & Access Tokens for Programmable Video
• Issuing Sync Tokens