Reuse existing Twilio credentials for mobile voice tokens

Mobile voice token endpoint now uses TWP_Twilio_API::generate_capability_token() instead of separate API Key SID/Secret. Removes duplicate Twilio credential fields from Mobile App settings page. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 14:50:53 -08:00
2 changed files with 13 additions and 60 deletions
--- a/admin/mobile-app-settings.php
+++ b/admin/mobile-app-settings.php
@@ -52,8 +52,6 @@ if (isset($_POST['twp_save_mobile_settings']) && check_admin_referer('twp_mobile
    update_option('twp_auto_update_enabled', isset($_POST['twp_auto_update_enabled']) ? '1' : '0');
    update_option('twp_gitea_repo', sanitize_text_field($_POST['twp_gitea_repo']));
    update_option('twp_gitea_token', sanitize_text_field($_POST['twp_gitea_token']));
-    update_option('twp_twilio_api_key_sid', sanitize_text_field($_POST['twp_twilio_api_key_sid']));
-    update_option('twp_twilio_api_key_secret', sanitize_text_field($_POST['twp_twilio_api_key_secret']));

    $settings_saved = true;
 }
@@ -65,8 +63,6 @@ $fcm_sa_configured = !empty($fcm_service_account_json) && !empty($fcm_project_id
 $auto_update_enabled = get_option('twp_auto_update_enabled', '1') === '1';
 $gitea_repo = get_option('twp_gitea_repo', 'wp-plugins/twilio-wp-plugin');
 $gitea_token = get_option('twp_gitea_token', '');
-$twilio_api_key_sid = get_option('twp_twilio_api_key_sid', '');
-$twilio_api_key_secret = get_option('twp_twilio_api_key_secret', '');

 // Get update status
 require_once TWP_PLUGIN_DIR . 'includes/class-twp-auto-updater.php';
@@ -175,37 +171,6 @@ $total_sessions = $wpdb->get_var("SELECT COUNT(*) FROM $sessions_table");
                            <?php endif; ?>
                        </td>
                    </tr>
-                    <tr>
-                        <th scope="row">
-                            <label for="twp_twilio_api_key_sid">Twilio API Key SID</label>
-                        </th>
-                        <td>
-                            <input type="text"
-                                   id="twp_twilio_api_key_sid"
-                                   name="twp_twilio_api_key_sid"
-                                   value="<?php echo esc_attr($twilio_api_key_sid); ?>"
-                                   class="regular-text"
-                                   placeholder="SK...">
-                            <p class="description">
-                                Create an API Key in Twilio Console &gt; Account &gt; API Keys. Required for mobile VoIP tokens.
-                            </p>
-                        </td>
-                    </tr>
-                    <tr>
-                        <th scope="row">
-                            <label for="twp_twilio_api_key_secret">Twilio API Key Secret</label>
-                        </th>
-                        <td>
-                            <input type="password"
-                                   id="twp_twilio_api_key_secret"
-                                   name="twp_twilio_api_key_secret"
-                                   value="<?php echo esc_attr($twilio_api_key_secret); ?>"
-                                   class="regular-text">
-                            <p class="description">
-                                The secret associated with the API Key SID above. Shown only once when key is created.
-                            </p>
-                        </td>
-                    </tr>
                </table>

                <?php if ($fcm_sa_configured): ?>
--- a/includes/class-twp-mobile-api.php
+++ b/includes/class-twp-mobile-api.php
@@ -689,37 +689,25 @@ class TWP_Mobile_API {
    public function get_voice_token($request) {
        $user_id = $this->auth->get_current_user_id();
        $user = get_userdata($user_id);
-        $identity = 'agent' . $user_id . preg_replace('/[^a-zA-Z0-9]/', '', $user->user_login);
-
-        $account_sid = get_option('twp_twilio_account_sid');
-        $auth_token = get_option('twp_twilio_auth_token');
-        $api_key_sid = get_option('twp_twilio_api_key_sid');
-        $api_key_secret = get_option('twp_twilio_api_key_secret');
-        $twiml_app_sid = get_option('twp_twiml_app_sid');
-
-        if (empty($api_key_sid) || empty($api_key_secret)) {
-            return new WP_Error('missing_api_key', 'Twilio API Key SID and Secret must be configured', array('status' => 500));
+        $clean_name = preg_replace('/[^a-zA-Z0-9]/', '', $user->user_login);
+        if (empty($clean_name)) {
+            $clean_name = 'user';
        }
+        $identity = 'agent' . $user_id . $clean_name;

        try {
-            $token = new \Twilio\Jwt\AccessToken(
-                $account_sid,
-                $api_key_sid,
-                $api_key_secret,
-                3600,
-                $identity
-            );
+            require_once plugin_dir_path(dirname(__FILE__)) . 'includes/class-twp-twilio-api.php';
+            $twilio = new TWP_Twilio_API();
+            $result = $twilio->generate_capability_token($identity);

-            $voiceGrant = new \Twilio\Jwt\Grants\VoiceGrant();
-            $voiceGrant->setOutgoingApplicationSid($twiml_app_sid);
-            $voiceGrant->setIncomingAllow(true);
-
-            $token->addGrant($voiceGrant);
+            if (!$result['success']) {
+                return new WP_Error('token_error', $result['error'], array('status' => 500));
+            }

            return new WP_REST_Response(array(
-                'token' => $token->toJWT(),
-                'identity' => $identity,
-                'expires_in' => 3600
+                'token' => $result['data']['token'],
+                'identity' => $result['data']['client_name'],
+                'expires_in' => $result['data']['expires_in']
            ), 200);

        } catch (Exception $e) {