Share via

WebPubSub client can't join a group but can join other groups of the same access_token

Intelicosmos 60 Reputation points
2025-06-28T12:48:02.1833333+00:00

We successfully create access_token for PubSub which includes webpubsub.joinLeaveGroup and webpubsub.sendToGroup for 4 groups (like A, B, C and D, so 8 roles in total) but the client (which is MAUI app) can't join the group D and receives "Received non-success acknowledge from the service: The client does not have permission to join group 'D'."!

I can confirm that once access_token is generated, we re-initialize the WebPubSubClient with the new token (which is successful) and then:

  • We are able to send message to group A
  • We are able to join group C

But we can't join group D!

Below is a last section of Python API code that generates the access_token. 'groups' variable is sent like 'A|B|C|D':

		....
		all_roles = []
        for group_name in groups.split('|'):
            all_roles.append("webpubsub.joinLeaveGroup." + group_name)
            all_roles.append("webpubsub.sendToGroup." + group_name)
        wsClient = WebPubSubServiceClient.from_connection_string(connectionstring, hub)
        token_key = wsClient.get_client_access_token(roles=all_roles, minutes_to_expire=1440)
        return str(token_key['url'])

In MAUI, our initialize and join group methods are:

public async Task InitializeConnection(string pubSubUrl)

{

try

{

    _client = new WebPubSubClient(new Uri(pubSubUrl));

    _client.GroupMessageReceived += HandleMessage;

    await _client.StartAsync();

    _isConnected = true;

}

catch (Exception ex)

{

    _isConnected = false;

    throw new Exception($"Failed to initialize WebSocket connection: {ex.Message}");

}

}

public async Task JoinGroup(string groupName)

{

if (!_isConnected)

    throw new InvalidOperationException("WebSocket is not connected");

try

{

    await _client.JoinGroupAsync(groupName);

}

catch (Exception ex)

{

    throw new Exception($"Failed to join group {groupName}: {ex.Message}");

}

}

Azure Web PubSub
Azure Web PubSub
An Azure service that provides real-time messaging for web applications using WebSockets and the publish-subscribe pattern.
Accepted answer
  1. Bhargavi Naragani 7,525 Reputation points Microsoft External Staff Moderator
    2025-06-30T07:01:11.0733333+00:00

    Hi Intelicosmos,

    From the screenshots you provided, you've done a good job setting up the roles for A, B, C, and D. However, the runtime error in the MAUI client:

    “The client does not have permission to join group 'abc'”

    indicates that the generated access token did not include the correct joinLeaveGroup.abc permission, even though it seems you intended to include it.

    Looking at your variable expansion (all_roles list):

    ['webpubsub.sendToGroup.',
 'webpubsub.joinLeaveGroup.7',
 'webpubsub.sendToGroup.7',
 'webpubsub.joinLeaveGroup.',
 'webpubsub.sendToGroup.',
 'webpubsub.joinLeaveGroup',
 'webpubsub.sendToGroup.I_']

    The correct role webpubsub.joinLeaveGroup.abc is present, but it is at the 6th index of the list, meaning it is very likely that your MAUI app is initialized with an outdated token, the one before this role was added.

    1. Verify Token Contents to ensure the token includes the right group roles, please decode the JWT using Microsoft’s secure tool: https://jwt.ms
      • Paste in the token returned by get_client_access_token()
      • Look for: 
             "roles": [
     "webpubsub.joinLeaveGroup.I",
     "webpubsub.sendToGroup.I",
     ...
     ]
      • If joinLeaveGroup.Iabc is missing, then your MAUI app is running with an old or mismatched token.
    2. Ensure Re-initialization in MAUI App
      • Confirm that after generating the token in Python, the MAUI app reconnects using the new token by reinitializing the WebPubSubClient. Example: 
             _client = new WebPubSubClient(new Uri(newTokenUrl));
     await _client.StartAsync();
     await _client.JoinGroupAsync("I_abc"); // Ensure this group name matches exactly
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.