src/livekit/openIDSFU.ts

/*
Copyright 2023, 2024 New Vector Ltd.

SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
Please see LICENSE in the repository root for full details.
*/

import { type IOpenIDToken, type MatrixClient } from "matrix-js-sdk";
import { type CallMembershipIdentityParts } from "matrix-js-sdk/lib/matrixrtc/EncryptionManager";
import { type Logger } from "matrix-js-sdk/lib/logger";

import { FailToGetOpenIdToken } from "../utils/errors";
import { doNetworkOperationWithRetry } from "../utils/matrix";
import { Config } from "../config/Config";

/**
 * Configuration and access tokens provided by the SFU on successful authentication.
 */
export interface SFUConfig {
  url: string;
  jwt: string;
  livekitAlias: string;
  // NOTE: Currently unused.
  livekitIdentity: string;
}

/**
 * Decoded details from the JWT.
 */
interface SFUJWTPayload {
  /**
   * Expiration time for the JWT.
   * Note: This value is in seconds since Unix epoch.
   */
  exp: number;
  /**
   * Name of the instance which authored the JWT
   */
  iss: string;
  /**
   * Time at which the JWT can start to be used.
   * Note: This value is in seconds since Unix epoch.
   */
  nbf: number;
  /**
   * Subject. The Livekit alias in this context.
   */
  sub: string;
  /**
   * The set of permissions for the user.
   */
  video: {
    canPublish: boolean;
    canSubscribe: boolean;
    room: string;
    roomJoin: boolean;
  };
}

// The bits we need from MatrixClient
export type OpenIDClientParts = Pick<
  MatrixClient,
  "getOpenIdToken" | "getDeviceId"
>;
/**
 * Gets a bearer token from the homeserver and then use it to authenticate
 * to the matrix RTC backend in order to get acces to the SFU.
 * It has built-in retry for calls to the homeserver with a backoff policy.
 * @param client The Matrix client
 * @param membership
 * @param serviceUrl The URL of the livekit SFU service
 * @param forceOldJwtEndpoint This will use the old jwt endpoint which will create the rtc backend identity based on string concatination
 * instead of a hash.
 * This function by default uses whatever is possible with the current jwt service installed next to the SFU.
 * For remote connections this does not matter, since we will not publish there we can rely on the newest option.
 * For our own connection we can only use the hashed version if we also send the new matrix2.0 sticky events.
 * @param roomId The room id used in the jwt request. This is NOT the livekit_alias. The jwt service will provide the alias. It maps matrix room ids <-> Livekit aliases.
 * @param delayEndpointBaseUrl
 * @param delayId
 * @param logger
 * @returns Object containing the token information
 * @throws FailToGetOpenIdToken
 */
export async function getSFUConfigWithOpenID(
  client: OpenIDClientParts,
  membership: CallMembershipIdentityParts,
  serviceUrl: string,
  forceOldJwtEndpoint: boolean,
  roomId: string,
  delayEndpointBaseUrl?: string,
  delayId?: string,
  logger?: Logger,
): Promise<SFUConfig> {
  let openIdToken: IOpenIDToken;
  try {
    openIdToken = await doNetworkOperationWithRetry(async () =>
      client.getOpenIdToken(),
    );
  } catch (error) {
    throw new FailToGetOpenIdToken(
      error instanceof Error ? error : new Error("Unknown error"),
    );
  }
  logger?.debug("Got openID token", openIdToken);

  logger?.info(`Trying to get JWT for focus ${serviceUrl}...`);

  let sfuConfig: { url: string; jwt: string };
  try {
    // we do not want to try the old endpoint, since we are not sending the new matrix2.0 sticky events (no hashed identity in the event)
    if (forceOldJwtEndpoint) throw new Error("Force old jwt endpoint");
    if (!delayId)
      throw new Error("No delayId, Won't try matrix 2.0 jwt endpoint.");

    sfuConfig = await getLiveKitJWTWithDelayDelegation(
      membership,
      serviceUrl,
      roomId,
      openIdToken,
      delayEndpointBaseUrl,
      delayId,
    );
    logger?.info(`Got JWT from call's active focus URL.`);
  } catch (e) {
    logger?.warn(
      `Failed fetching jwt with matrix 2.0 endpoint (retry with legacy)`,
      e,
    );
    sfuConfig = await getLiveKitJWT(
      membership.deviceId,
      serviceUrl,
      roomId,
      openIdToken,
    );
    logger?.info(`Got JWT from call's active focus URL.`);
  } // Pull the details from the JWT
  const [, payloadStr] = sfuConfig.jwt.split(".");
  // TODO: Prefer Uint8Array.fromBase64 when widely available
  const payload = JSON.parse(global.atob(payloadStr)) as SFUJWTPayload;
  return {
    jwt: sfuConfig.jwt,
    url: sfuConfig.url,
    livekitAlias: payload.video.room,
    // NOTE: Currently unused.
    // Probably also not helpful since we now compute the backendIdentity on joining the call so we can use it for the encryption manager.
    // The only reason for us to know it locally is to connect the right users with the lk world. (and to set our own keys)
    livekitIdentity: payload.sub,
  };
}

async function getLiveKitJWT(
  deviceId: string,
  livekitServiceURL: string,
  matrixRoomId: string,
  openIDToken: IOpenIDToken,
): Promise<{ url: string; jwt: string }> {
  try {
    const res = await fetch(livekitServiceURL + "/sfu/get", {
      method: "POST",
      headers: {
        "Content-Type": "application/json",
      },
      body: JSON.stringify({
        // This is the actual livekit room alias. For the legacy jwt endpoint simply the room id was used.
        room: matrixRoomId,
        openid_token: openIDToken,
        device_id: deviceId,
      }),
    });
    if (!res.ok) {
      throw new Error("SFU Config fetch failed with status code " + res.status);
    }
    return await res.json();
  } catch (e) {
    throw new Error("SFU Config fetch failed with exception", { cause: e });
  }
}

export async function getLiveKitJWTWithDelayDelegation(
  membership: CallMembershipIdentityParts,
  livekitServiceURL: string,
  matrixRoomId: string,
  openIDToken: IOpenIDToken,
  delayEndpointBaseUrl?: string,
  delayId?: string,
): Promise<{ url: string; jwt: string }> {
  const { userId, deviceId, memberId } = membership;

  const body = {
    room_id: matrixRoomId,
    slot_id: "m.call#ROOM",
    openid_token: openIDToken,
    member: {
      id: memberId,
      claimed_user_id: userId,
      claimed_device_id: deviceId,
    },
  };

  let bodyDalayParts = {};
  // Also check for empty string
  if (delayId && delayEndpointBaseUrl) {
    const delayTimeoutMs =
      Config.get().matrix_rtc_session?.delayed_leave_event_delay_ms ?? 1000;
    bodyDalayParts = {
      delay_id: delayId,
      delay_timeout: delayTimeoutMs,
      delay_cs_api_url: delayEndpointBaseUrl,
    };
  }

  try {
    const res = await fetch(livekitServiceURL + "/get_token", {
      method: "POST",
      headers: {
        "Content-Type": "application/json",
      },
      body: JSON.stringify({ ...body, ...bodyDalayParts }),
    });
    if (!res.ok) {
      throw new Error("SFU Config fetch failed with status code " + res.status);
    }
    return await res.json();
  } catch (e) {
    throw new Error("SFU Config fetch failed with exception " + e);
  }
}
Revert "Revert "Support for getting SFU config using OIDC"" 2023-07-05 13:12:37 +01:00			`/*`
Update file headers copyright and change licence to AGPL-3.0-only 2024-09-06 10:22:13 +02:00			`Copyright 2023, 2024 New Vector Ltd.`
Revert "Revert "Support for getting SFU config using OIDC"" 2023-07-05 13:12:37 +01:00
Fix copyright header to say dual license not just AGPL (#3013) This probably should have been part of https://github.com/element-hq/element-call/pull/2984 2025-02-18 17:59:58 +00:00			`SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial`
Update file headers copyright and change licence to AGPL-3.0-only 2024-09-06 10:22:13 +02:00			`Please see LICENSE in the repository root for full details.`
Revert "Revert "Support for getting SFU config using OIDC"" 2023-07-05 13:12:37 +01:00			`*/`

temp 2025-03-13 13:58:43 +01:00			`import { type IOpenIDToken, type MatrixClient } from "matrix-js-sdk";`
Make use of the new jwt service endpoint (with delayed event delegation) This also does all the compatibility work. When to use which endpoint to authenticate agains a jwt service. 2025-12-17 09:53:49 +01:00			`import { type CallMembershipIdentityParts } from "matrix-js-sdk/lib/matrixrtc/EncryptionManager";`
cleanup based on new js-sdk impl 2025-12-29 17:38:54 +01:00			`import { type Logger } from "matrix-js-sdk/lib/logger";`
Revert "Revert "Support for getting SFU config using OIDC"" 2023-07-05 13:12:37 +01:00
Rename error boundary hook It doesn't check whether it's actually used inside a GroupCallErrorBoundary, and it's generally useful for interacting with any error boundary, so I'm giving it a generic name to reflect this. 2025-03-21 15:07:15 -04:00			`import { FailToGetOpenIdToken } from "../utils/errors";`
			`import { doNetworkOperationWithRetry } from "../utils/matrix";`
Make use of the new jwt service endpoint (with delayed event delegation) This also does all the compatibility work. When to use which endpoint to authenticate agains a jwt service. 2025-12-17 09:53:49 +01:00			`import { Config } from "../config/Config";`
Merge v0.4.2 hotfixes 2023-07-12 17:57:54 +01:00
Support MSC4143 RTC Transport endpoint (#3629) * Use rtc-focus branch of js-sdk * Update makeTransport to fetch backend transports and validate all transports before response. * Fix test * Add test * Loads more tests * Add tests for openid errors * improve comment * update to develop commit * Add JWT parsing * Use JWT * Cleanup * fixup tests * fixup tests * lint * lint lint * Fix `Reconnecting` 2025-12-29 17:45:41 +00:00			`/**`
			`* Configuration and access tokens provided by the SFU on successful authentication.`
			`*/`
Revert "Revert "Support for getting SFU config using OIDC"" 2023-07-05 13:12:37 +01:00			`export interface SFUConfig {`
			`url: string;`
			`jwt: string;`
Support MSC4143 RTC Transport endpoint (#3629) * Use rtc-focus branch of js-sdk * Update makeTransport to fetch backend transports and validate all transports before response. * Fix test * Add test * Loads more tests * Add tests for openid errors * improve comment * update to develop commit * Add JWT parsing * Use JWT * Cleanup * fixup tests * fixup tests * lint * lint lint * Fix `Reconnecting` 2025-12-29 17:45:41 +00:00			`livekitAlias: string;`
self review 2026-01-05 21:58:26 +01:00			`// NOTE: Currently unused.`
Support MSC4143 RTC Transport endpoint (#3629) * Use rtc-focus branch of js-sdk * Update makeTransport to fetch backend transports and validate all transports before response. * Fix test * Add test * Loads more tests * Add tests for openid errors * improve comment * update to develop commit * Add JWT parsing * Use JWT * Cleanup * fixup tests * fixup tests * lint * lint lint * Fix `Reconnecting` 2025-12-29 17:45:41 +00:00			`livekitIdentity: string;`
			`}`

			`/**`
			`* Decoded details from the JWT.`
			`*/`
			`interface SFUJWTPayload {`
			`/**`
			`* Expiration time for the JWT.`
			`* Note: This value is in seconds since Unix epoch.`
			`*/`
			`exp: number;`
			`/**`
			`* Name of the instance which authored the JWT`
			`*/`
			`iss: string;`
			`/**`
			`* Time at which the JWT can start to be used.`
			`* Note: This value is in seconds since Unix epoch.`
			`*/`
			`nbf: number;`
			`/**`
			`* Subject. The Livekit alias in this context.`
			`*/`
			`sub: string;`
			`/**`
			`* The set of permissions for the user.`
			`*/`
			`video: {`
			`canPublish: boolean;`
			`canSubscribe: boolean;`
			`room: string;`
			`roomJoin: boolean;`
			`};`
Revert "Revert "Support for getting SFU config using OIDC"" 2023-07-05 13:12:37 +01:00			`}`

			`// The bits we need from MatrixClient`
			`export type OpenIDClientParts = Pick<`
			`MatrixClient,`
			`"getOpenIdToken" \| "getDeviceId"`
			`>;`
refactor local transport testing and local memberhsip initialization 2025-11-20 14:42:12 +01:00			`/**`
move HomeserverConnected 2025-11-21 13:04:28 +01:00			`* Gets a bearer token from the homeserver and then use it to authenticate`
			`* to the matrix RTC backend in order to get acces to the SFU.`
			`* It has built-in retry for calls to the homeserver with a backoff policy.`
Add script to check that the tsdoc is correct and up-to-date 2025-12-30 17:02:44 +01:00			`* @param client The Matrix client`
cleanup based on new js-sdk impl 2025-12-29 17:38:54 +01:00			`* @param membership`
Add script to check that the tsdoc is correct and up-to-date 2025-12-30 17:02:44 +01:00			`* @param serviceUrl The URL of the livekit SFU service`
self review 2026-01-05 21:58:26 +01:00			`* @param forceOldJwtEndpoint This will use the old jwt endpoint which will create the rtc backend identity based on string concatination`
cleanup based on new js-sdk impl 2025-12-29 17:38:54 +01:00			`* instead of a hash.`
			`* This function by default uses whatever is possible with the current jwt service installed next to the SFU.`
			`* For remote connections this does not matter, since we will not publish there we can rely on the newest option.`
			`* For our own connection we can only use the hashed version if we also send the new matrix2.0 sticky events.`
Merge branch 'livekit' into toger5/delayed-event-delegation 2026-01-05 21:08:21 +01:00			`* @param roomId The room id used in the jwt request. This is NOT the livekit_alias. The jwt service will provide the alias. It maps matrix room ids <-> Livekit aliases.`
cleanup based on new js-sdk impl 2025-12-29 17:38:54 +01:00			`* @param delayEndpointBaseUrl`
			`* @param delayId`
			`* @param logger`
move HomeserverConnected 2025-11-21 13:04:28 +01:00			`* @returns Object containing the token information`
refactor local transport testing and local memberhsip initialization 2025-11-20 14:42:12 +01:00			`* @throws FailToGetOpenIdToken`
			`*/`
Revert "Revert "Support for getting SFU config using OIDC"" 2023-07-05 13:12:37 +01:00			`export async function getSFUConfigWithOpenID(`
			`client: OpenIDClientParts,`
Make use of the new jwt service endpoint (with delayed event delegation) This also does all the compatibility work. When to use which endpoint to authenticate agains a jwt service. 2025-12-17 09:53:49 +01:00			`membership: CallMembershipIdentityParts,`
temp Signed-off-by: Timo K <toger5@hotmail.de> 2025-08-27 14:01:01 +02:00			`serviceUrl: string,`
cleanup based on new js-sdk impl 2025-12-29 17:38:54 +01:00			`forceOldJwtEndpoint: boolean,`
Merge branch 'livekit' into toger5/delayed-event-delegation 2026-01-05 21:08:21 +01:00			`roomId: string,`
Make use of the new jwt service endpoint (with delayed event delegation) This also does all the compatibility work. When to use which endpoint to authenticate agains a jwt service. 2025-12-17 09:53:49 +01:00			`delayEndpointBaseUrl?: string,`
			`delayId?: string,`
cleanup based on new js-sdk impl 2025-12-29 17:38:54 +01:00			`logger?: Logger,`
temp Signed-off-by: Timo K <toger5@hotmail.de> 2025-08-27 14:01:01 +02:00			`): Promise<SFUConfig> {`
error management: Handle fail to get JWT token 2025-03-11 09:07:19 +01:00			`let openIdToken: IOpenIDToken;`
			`try {`
			`openIdToken = await doNetworkOperationWithRetry(async () =>`
			`client.getOpenIdToken(),`
			`);`
			`} catch (error) {`
			`throw new FailToGetOpenIdToken(`
			`error instanceof Error ? error : new Error("Unknown error"),`
			`);`
			`}`
cleanup based on new js-sdk impl 2025-12-29 17:38:54 +01:00			`logger?.debug("Got openID token", openIdToken);`
Revert "Revert "Support for getting SFU config using OIDC"" 2023-07-05 13:12:37 +01:00
cleanup based on new js-sdk impl 2025-12-29 17:38:54 +01:00			logger?.info(`Trying to get JWT for focus ${serviceUrl}...`);
Merge branch 'livekit' into toger5/delayed-event-delegation 2026-01-05 21:08:21 +01:00
			`let sfuConfig: { url: string; jwt: string };`
cleanup based on new js-sdk impl 2025-12-29 17:38:54 +01:00			`try {`
			`// we do not want to try the old endpoint, since we are not sending the new matrix2.0 sticky events (no hashed identity in the event)`
			`if (forceOldJwtEndpoint) throw new Error("Force old jwt endpoint");`
			`if (!delayId)`
			`throw new Error("No delayId, Won't try matrix 2.0 jwt endpoint.");`

Merge branch 'livekit' into toger5/delayed-event-delegation 2026-01-05 21:08:21 +01:00			`sfuConfig = await getLiveKitJWTWithDelayDelegation(`
self review 2026-01-05 21:58:26 +01:00			`membership,`
			`serviceUrl,`
			`roomId,`
			`openIdToken,`
Make use of the new jwt service endpoint (with delayed event delegation) This also does all the compatibility work. When to use which endpoint to authenticate agains a jwt service. 2025-12-17 09:53:49 +01:00			`delayEndpointBaseUrl,`
			`delayId,`
			`);`
cleanup based on new js-sdk impl 2025-12-29 17:38:54 +01:00			logger?.info(`Got JWT from call's active focus URL.`);
			`} catch (e) {`
			`logger?.warn(`
			`Failed fetching jwt with matrix 2.0 endpoint (retry with legacy)`,
			`e,`
			`);`
self review 2026-01-05 21:58:26 +01:00			`sfuConfig = await getLiveKitJWT(`
			`membership.deviceId,`
			`serviceUrl,`
			`roomId,`
			`openIdToken,`
			`);`
cleanup based on new js-sdk impl 2025-12-29 17:38:54 +01:00			logger?.info(`Got JWT from call's active focus URL.`);
Merge branch 'livekit' into toger5/delayed-event-delegation 2026-01-05 21:08:21 +01:00			`} // Pull the details from the JWT`
Support MSC4143 RTC Transport endpoint (#3629) * Use rtc-focus branch of js-sdk * Update makeTransport to fetch backend transports and validate all transports before response. * Fix test * Add test * Loads more tests * Add tests for openid errors * improve comment * update to develop commit * Add JWT parsing * Use JWT * Cleanup * fixup tests * fixup tests * lint * lint lint * Fix `Reconnecting` 2025-12-29 17:45:41 +00:00			`const [, payloadStr] = sfuConfig.jwt.split(".");`
self review 2026-01-05 21:58:26 +01:00			`// TODO: Prefer Uint8Array.fromBase64 when widely available`
Support MSC4143 RTC Transport endpoint (#3629) * Use rtc-focus branch of js-sdk * Update makeTransport to fetch backend transports and validate all transports before response. * Fix test * Add test * Loads more tests * Add tests for openid errors * improve comment * update to develop commit * Add JWT parsing * Use JWT * Cleanup * fixup tests * fixup tests * lint * lint lint * Fix `Reconnecting` 2025-12-29 17:45:41 +00:00			`const payload = JSON.parse(global.atob(payloadStr)) as SFUJWTPayload;`
			`return {`
			`jwt: sfuConfig.jwt,`
			`url: sfuConfig.url,`
			`livekitAlias: payload.video.room,`
			`// NOTE: Currently unused.`
self review 2026-01-05 21:58:26 +01:00			`// Probably also not helpful since we now compute the backendIdentity on joining the call so we can use it for the encryption manager.`
			`// The only reason for us to know it locally is to connect the right users with the lk world. (and to set our own keys)`
Support MSC4143 RTC Transport endpoint (#3629) * Use rtc-focus branch of js-sdk * Update makeTransport to fetch backend transports and validate all transports before response. * Fix test * Add test * Loads more tests * Add tests for openid errors * improve comment * update to develop commit * Add JWT parsing * Use JWT * Cleanup * fixup tests * fixup tests * lint * lint lint * Fix `Reconnecting` 2025-12-29 17:45:41 +00:00			`livekitIdentity: payload.sub,`
			`};`
Merge v0.4.2 hotfixes 2023-07-12 17:57:54 +01:00			`}`

			`async function getLiveKitJWT(`
self review 2026-01-05 21:58:26 +01:00			`deviceId: string,`
Merge v0.4.2 hotfixes 2023-07-12 17:57:54 +01:00			`livekitServiceURL: string,`
Merge branch 'livekit' into toger5/delayed-event-delegation 2026-01-05 21:08:21 +01:00			`matrixRoomId: string,`
Format code 2023-10-11 10:42:04 -04:00			`openIDToken: IOpenIDToken,`
Support MSC4143 RTC Transport endpoint (#3629) * Use rtc-focus branch of js-sdk * Update makeTransport to fetch backend transports and validate all transports before response. * Fix test * Add test * Loads more tests * Add tests for openid errors * improve comment * update to develop commit * Add JWT parsing * Use JWT * Cleanup * fixup tests * fixup tests * lint * lint lint * Fix `Reconnecting` 2025-12-29 17:45:41 +00:00			`): Promise<{ url: string; jwt: string }> {`
Merge v0.4.2 hotfixes 2023-07-12 17:57:54 +01:00			`try {`
			`const res = await fetch(livekitServiceURL + "/sfu/get", {`
			`method: "POST",`
			`headers: {`
			`"Content-Type": "application/json",`
			`},`
			`body: JSON.stringify({`
Merge branch 'livekit' into toger5/delayed-event-delegation 2026-01-05 21:08:21 +01:00			`// This is the actual livekit room alias. For the legacy jwt endpoint simply the room id was used.`
			`room: matrixRoomId,`
Merge v0.4.2 hotfixes 2023-07-12 17:57:54 +01:00			`openid_token: openIDToken,`
self review 2026-01-05 21:58:26 +01:00			`device_id: deviceId,`
Merge v0.4.2 hotfixes 2023-07-12 17:57:54 +01:00			`}),`
			`});`
			`if (!res.ok) {`
			`throw new Error("SFU Config fetch failed with status code " + res.status);`
			`}`
			`return await res.json();`
			`} catch (e) {`
Support MSC4143 RTC Transport endpoint (#3629) * Use rtc-focus branch of js-sdk * Update makeTransport to fetch backend transports and validate all transports before response. * Fix test * Add test * Loads more tests * Add tests for openid errors * improve comment * update to develop commit * Add JWT parsing * Use JWT * Cleanup * fixup tests * fixup tests * lint * lint lint * Fix `Reconnecting` 2025-12-29 17:45:41 +00:00			`throw new Error("SFU Config fetch failed with exception", { cause: e });`
Revert "Revert "Support for getting SFU config using OIDC"" 2023-07-05 13:12:37 +01:00			`}`
			`}`
Make use of the new jwt service endpoint (with delayed event delegation) This also does all the compatibility work. When to use which endpoint to authenticate agains a jwt service. 2025-12-17 09:53:49 +01:00
			`export async function getLiveKitJWTWithDelayDelegation(`
			`membership: CallMembershipIdentityParts,`
			`livekitServiceURL: string,`
Merge branch 'livekit' into toger5/delayed-event-delegation 2026-01-05 21:08:21 +01:00			`matrixRoomId: string,`
Make use of the new jwt service endpoint (with delayed event delegation) This also does all the compatibility work. When to use which endpoint to authenticate agains a jwt service. 2025-12-17 09:53:49 +01:00			`openIDToken: IOpenIDToken,`
			`delayEndpointBaseUrl?: string,`
			`delayId?: string,`
Merge branch 'livekit' into toger5/delayed-event-delegation 2026-01-05 21:08:21 +01:00			`): Promise<{ url: string; jwt: string }> {`
Make use of the new jwt service endpoint (with delayed event delegation) This also does all the compatibility work. When to use which endpoint to authenticate agains a jwt service. 2025-12-17 09:53:49 +01:00			`const { userId, deviceId, memberId } = membership;`

			`const body = {`
Merge branch 'livekit' into toger5/delayed-event-delegation 2026-01-05 21:08:21 +01:00			`room_id: matrixRoomId,`
Make use of the new jwt service endpoint (with delayed event delegation) This also does all the compatibility work. When to use which endpoint to authenticate agains a jwt service. 2025-12-17 09:53:49 +01:00			`slot_id: "m.call#ROOM",`
			`openid_token: openIDToken,`
			`member: {`
			`id: memberId,`
			`claimed_user_id: userId,`
			`claimed_device_id: deviceId,`
			`},`
			`};`

			`let bodyDalayParts = {};`
			`// Also check for empty string`
			`if (delayId && delayEndpointBaseUrl) {`
			`const delayTimeoutMs =`
			`Config.get().matrix_rtc_session?.delayed_leave_event_delay_ms ?? 1000;`
			`bodyDalayParts = {`
			`delay_id: delayId,`
			`delay_timeout: delayTimeoutMs,`
			`delay_cs_api_url: delayEndpointBaseUrl,`
			`};`
			`}`

			`try {`
			`const res = await fetch(livekitServiceURL + "/get_token", {`
			`method: "POST",`
			`headers: {`
			`"Content-Type": "application/json",`
			`},`
			`body: JSON.stringify({ ...body, ...bodyDalayParts }),`
			`});`
			`if (!res.ok) {`
			`throw new Error("SFU Config fetch failed with status code " + res.status);`
			`}`
			`return await res.json();`
			`} catch (e) {`
			`throw new Error("SFU Config fetch failed with exception " + e);`
			`}`
			`}`