20154: Invalid Claim Set

This error indicates that the JWT was parsed successfully, but one or more claims in the payload are invalid.

• One of the required claims is missing from the payload.
• For Public Key Client Validation, the payload must include the hrh and rqh claims; hrh is the semicolon-delimited list of lowercase headers used in the request-hash calculation (must at least include Host and Authorization), and rqh is the hash of the canonicalized HTTP request. Omitting or misformatting these claims will invalidate the set.
• For Public Key Client Validation, required payload claims include iss, sub, and exp; tokens received after exp (allowing for clock skew) or with exp - nbf exceeding the documented maximum are rejected, which makes the claim set invalid.

• Ensure you are using the latest Twilio Helper Library so required JWT claims are produced correctly.
• When using Public Key Client Validation:
  • Include both hrh and rqh in the payload; ensure hrh lists Host and Authorization.
  • Attach the JWT on requests via the Twilio-Client-Validation header.
  • Verify iss, sub, exp, and (if used) nbf satisfy the documented constraints, including the maximum allowed exp - nbf window.
• If you only need to confirm that the token is well-formed (structure/signature presence), use a standard JWT inspection tool before retesting.

• Public Key Client Validation Quickstart
• Access Tokens
• Debugging Your Twilio Application