mautrix / signal

A Matrix-Signal puppeting bridge
GNU Affero General Public License v3.0

as_token not accepted - checked the troubleshooting and did not find error #281

Closed JosuaCarl closed 2 years ago

JosuaCarl commented 2 years ago

Hello there,

The problem is mentioned at the top, but in full detail, I get:

[2022-07-11 14:15:09,335] [CRITICAL@mau.init] The as_token was not accepted. Is the registration file installed in your homeserver correctly?

I checked my homeserver.yaml and config.yaml a hundred times and I cannot figure out why it does not work. Maybe I am just missing something.

config.yaml:

# Homeserver details
homeserver:
    # The address that this appservice can use to connect to the homeserver.
    address: https://<redacted>
    # The domain of the homeserver (for MXIDs, etc).
    domain: <redacted>
    # Whether or not to verify the SSL certificate of the homeserver.
    # Only applies if address starts with https://
    verify_ssl: true
    asmux: false
    # Number of retries for all HTTP requests if the homeserver isn't reachable.
    http_retry_count: 4
    # The URL to push real-time bridge status to.
    # If set, the bridge will make POST requests to this URL whenever a user's Signal connection state changes.
    # The bridge will use the appservice as_token to authorize requests.
    status_endpoint:
    # Endpoint for reporting per-message status.
    message_send_checkpoint_endpoint:
    # Maximum number of simultaneous HTTP connections to the homeserver.
    connection_limit: 100
    # Whether asynchronous uploads via MSC2246 should be enabled for media.
    # Requires a media repo that supports MSC2246.
    async_media: false

# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
    # The address that the homeserver can use to connect to this appservice.
    address: http://localhost:29328
    # When using https:// the TLS certificate and key files for the address.
    tls_cert: false
    tls_key: false

    # The hostname and port where this appservice should listen.
    hostname: 0.0.0.0
    port: 29328
    # The maximum body size of appservice API requests (from the homeserver) in mebibytes
    # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
    max_body_size: 1

    # The full URI to the database. SQLite and Postgres are supported.
    # However, SQLite support is extremely experimental and should not be used.
    # Format examples:
    #   SQLite:   sqlite:///filename.db
    #   Postgres: postgres://username:password@hostname/dbname
    database: postgres://<redacted>:<redacted>@localhost/synapse-oagt
    # Additional arguments for asyncpg.create_pool() or sqlite3.connect()
    # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
    # https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
    # For sqlite, min_size is used as the connection thread pool size and max_size is ignored.
    database_opts:
        min_size: 5
        max_size: 10
    id: signal
    # Username of the appservice bot.
    bot_username: signalbot
    # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
    # to leave display name/avatar as-is.
    bot_displayname: Signal bridge bot
    bot_avatar: mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp

    # Whether or not to receive ephemeral events via appservice transactions.
    # Requires MSC2409 support (i.e. Synapse 1.22+).
    # You should disable bridge -> sync_with_custom_puppets when this is enabled.
    ephemeral_events: false

    # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
    as_token: N_G<...>wVr
    hs_token: XzR<...>ymL

# Prometheus telemetry config. Requires prometheus-client to be installed.
metrics:
    enabled: false
    listen_port: 8000

# Manhole config.
manhole:
    # Whether or not opening the manhole is allowed.
    enabled: false
    # The path for the unix socket.
    path: /var/tmp/mautrix-signal.manhole
    # The list of UIDs who can be added to the whitelist.
    # If empty, any UIDs can be specified in the open-manhole command.
    whitelist:
    - 0
signal:
    # Path to signald unix socket
    socket_path: /var/run/signald/signald.sock
    # Directory for temp files when sending files to Signal. This should be an
    # absolute path that signald can read. For attachments in the other direction,
    # make sure signald is configured to use an absolute path as the data directory.
    outgoing_attachment_dir: /tmp
    # Directory where signald stores avatars for groups.
    avatar_dir: ~/.config/signald/avatars
    # Directory where signald stores auth data. Used to delete data when logging out.
    data_dir: ~/.config/signald/data
    # Whether or not unknown signald accounts should be deleted when the bridge is started.
    # When this is enabled, any UserInUse errors should be resolved by restarting the bridge.
    delete_unknown_accounts_on_start: false
    # Whether or not message attachments should be removed from disk after they're bridged.
    remove_file_after_handling: true
    # Whether or not users can register a primary device
    registration_enabled: true
    # Whether or not to enable disappearing messages in groups. If enabled, then the expiration
    # time of the messages will be determined by the first users to read the message, rather
    # than individually. If the bridge has a single user, this can be turned on safely.
    enable_disappearing_messages_in_groups: false

# Bridge config
bridge:
    # Localpart template of MXIDs for Signal users.
    # {userid} is replaced with an identifier for the Signal user.
    username_template: signal_{userid}
    # Displayname template for Signal users.
    # {displayname} is replaced with the displayname of the Signal user, which is the first
    # available variable in displayname_preference. The variables in displayname_preference
    # can also be used here directly.
    displayname_template: '{displayname} (Signal)'
    # Whether or not contact list displaynames should be used.
    # Possible values: disallow, allow, prefer
    #
    # Multi-user instances are recommended to disallow contact list names, as otherwise there can
    # be conflicts between names from different users' contact lists.
    contact_list_names: disallow
    # Available variables: full_name, first_name, last_name, phone, uuid
    displayname_preference:
    - full_name
    - phone
    autocreate_group_portal: true
    # Whether or not to create portals for all contacts on login/connect.
    autocreate_contact_portal: false
    # Whether or not to use /sync to get read receipts and typing notifications
    # when double puppeting is enabled
    sync_with_custom_puppets: true
    # Whether or not to update the m.direct account data event when double puppeting is enabled.
    # Note that updating the m.direct event is not atomic (except with mautrix-asmux)
    # and is therefore prone to race conditions.
    sync_direct_chat_list: false
    # Allow using double puppeting from any server with a valid client .well-known file.
    double_puppet_allow_discovery: false
    # Servers to allow double puppeting from, even if double_puppet_allow_discovery is false.
    double_puppet_server_map:
        example.com: https://example.com
    login_shared_secret_map:
        example.com: foo
    federate_rooms: true
    # End-to-bridge encryption support options. You must install the e2be optional dependency for
    # this to work. See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html
    encryption:
        # Allow encryption, work in group chat rooms with e2ee enabled
        allow: false
        # Default to encryption, force-enable encryption in all portals the bridge creates
        # This will cause the bridge bot to be in private chats for the encryption to work properly.
        default: false
        # Options for automatic key sharing.
        key_sharing:
            # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
            # You must use a client that supports requesting keys from other users to use this feature.
            allow: false
            # Require the requesting device to have a valid cross-signing signature?
            # This doesn't require that the bridge has verified the device, only that the user has verified it.
            # Not yet implemented.
            require_cross_signing: false
            # Require devices to be verified by the bridge?
            # Verification by the bridge is not yet implemented.
            require_verification: true
    # Whether or not to explicitly set the avatar and room name for private
    # chat portal rooms. This will be implicitly enabled if encryption.default is true.
    private_chat_portal_meta: false
    # Whether or not the bridge should send a read receipt from the bridge bot when a message has
    # been sent to Signal. This let's you check manually whether the bridge is receiving your
    # messages.
    # Note that this is not related to Signal delivery receipts.
    delivery_receipts: false
    # Whether or not delivery errors should be reported as messages in the Matrix room. (not yet implemented)
    delivery_error_reports: false
    # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
    # This field will automatically be changed back to false after it,
    # except if the config file is not writable.
    resend_bridge_info: false
    # Interval at which to resync contacts (in seconds).
    periodic_sync: 0
    # Should leaving the room on Matrix make the user leave on Signal?
    bridge_matrix_leave: true

    # Provisioning API part of the web server for automated portal creation and fetching information.
    # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
    provisioning:
        # Whether or not the provisioning API should be enabled.
        enabled: true
        # The prefix to use in the provisioning API endpoints.
        prefix: /_matrix/provision
        # The shared secret to authorize users of the API.
        # Set to "generate" to generate and save a new token.
        shared_secret: oRK2tLDENDpeRmUNp1HUASUOSK-wHozSenzCM5rW1Werwg8LMB9OB1dPO0YTbZ06
        # Segment API key to enable analytics tracking for web server
        # endpoints. Set to null to disable.
        # Currently the only events are login start, QR code scan, and login
        # success/failure.
        segment_key:

    # The prefix for commands. Only required in non-management rooms.
    command_prefix: '!signal'

    # Messages sent upon joining a management room.
    # Markdown is supported. The defaults are listed below.
    management_room_text:
        # Sent when joining a room.
        welcome: Hello, I'm a Signal bridge bot.
        # Sent when joining a management room and the user is already logged in.
        welcome_connected: Use `help` for help.
        # Sent when joining a management room and the user is not logged in.
        welcome_unconnected: Use `help` for help or `link` to log in.
        # Optional extra text sent when joining a management room.
        additional_help: ''

    # Send each message separately (for readability in some clients)
    management_room_multiple_messages: false

    # Permissions for using the bridge.
    # Permitted values:
    #      relay - Allowed to be relayed through the bridge, no access to commands.
    #       user - Use the bridge with puppeting.
    #      admin - Use and administrate the bridge.
    # Permitted keys:
    #        * - All Matrix users
    #   domain - All users on that homeserver
    #     mxid - Specific user
    permissions:
        '*': relay
        '<redacted>': user
        '@<user>:<redacted>': admin
    relay:
        # Whether relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any
        # authenticated user into a relaybot for that chat.
        enabled: false
        # The formats to use when sending messages to Signal via a relay user.
        #
        # Available variables:
        #   $sender_displayname - The display name of the sender (e.g. Example User)
        #   $sender_username    - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
        #   $sender_mxid        - The Matrix ID of the sender (e.g. @exampleuser:example.com)
        #   $message            - The message content
        message_formats:
            m.text: '$sender_displayname: $message'
            m.notice: '$sender_displayname: $message'
            m.emote: '* $sender_displayname $message'
            m.file: $sender_displayname sent a file
            m.image: $sender_displayname sent an image
            m.audio: $sender_displayname sent an audio file
            m.video: $sender_displayname sent a video
            m.location: $sender_displayname sent a location
logging:
    version: 1
    formatters:
        colored:
            (): mautrix_signal.util.ColorFormatter
            format: '[%(asctime)s] [%(levelname)s@%(name)s] %(message)s'
        normal:
            format: '[%(asctime)s] [%(levelname)s@%(name)s] %(message)s'
    handlers:
        file:
            class: logging.handlers.RotatingFileHandler
            formatter: normal
            filename: ./mautrix-signal.log
            maxBytes: 10485760
            backupCount: 10
        console:
            class: logging.StreamHandler
            formatter: colored
    loggers:
        mau:
            level: DEBUG
        aiohttp:
            level: INFO
    root:
        level: DEBUG
        handlers: [file, console]

(home/pi/synapse-oagt/signal/)registration.yaml:

id: signal
as_token: N_G<...>wVr
hs_token: XzR<...>ymL
namespaces:
    users:
    - exclusive: true
      regex: '@signal_.*:<redacted>'
    - exclusive: true
      regex: '@signalbot:<redacted>'
    aliases: []
url: http://localhost:29328
sender_localpart: cTysOk6NAaWCzcjj8yglIKuw_tAW4NO1noR-iNPjk8myzW2zwhzPhBycxuIOWec4
rate_limited: false

homeserver.yaml:

server_name: "<redacted>"
pid_file: <redacted>/homeserver.pid

# Listeners
listeners:
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    bind_addresses: ['::1', '127.0.0.1']
    resources:
      - names: [client, federation]
        compress: false

# Database configuration
database:
  name: psycopg2
  args:
    user: <redacted>
    password: <redacted>
    database: synapse-oagt
    host: localhost
    cp_min: 5
    cp_max: 10

# Log file location
log_config: "<redacted>.log.config"
media_store_path: <redacted>/media_store
registration_shared_secret: "<redacted>"
report_stats: true
macaroon_secret_key: "<redacted>"
form_secret: "<redacted>"
signing_key_path: "<redacted>.signing.key"
trusted_key_servers:
  - server_name: "matrix.org"

# Warning, that is suppressed for convenience (keyserver=matrix.com)
suppress_key_server_warning: true

# Connection to other services (mautrix)
app_service_config_files:
- /home/pi/synapse-oagt/signal/registration.yaml 

# vim:ft=yaml

Also, yes, I did restart the homeserver, then the Python environment and then the computer when I did not find the error, just to be sure.

If someone could point me in the right direction, I would be very glad.

Regards, Josua

tulir commented 2 years ago

As the troubleshooting page says, the tokens have to match in the config and registration. GitHub is also not the place for setup issues (which is mentioned at the top of the troubleshooting page)
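An added example, not part of the thread or of the mautrix-signal code base: a Python check that the bridge config, the registration file and the Synapse config agree, reporting token mismatches as fingerprints so the output can be posted publicly without leaking the secrets. The names `check_registration` and `fingerprint` and all sample values are constructed; in practice the three dicts would come from `yaml.safe_load` (PyYAML) on the files shown in the issue.

```python
import hashlib

def fingerprint(token):
    """Short SHA-256 prefix plus length: safe to paste into a public issue."""
    digest = hashlib.sha256(token.encode()).hexdigest()[:8]
    return f"sha256:{digest} len={len(token)}"

def check_registration(config, registration, homeserver, registration_path):
    """Return a list of problems; an empty list means the three files agree."""
    problems = []
    appservice = config.get("appservice", {})
    # Bridge config key -> registration key that must carry the same value.
    pairs = [("as_token", "as_token"), ("hs_token", "hs_token"),
             ("id", "id"), ("address", "url")]
    for cfg_key, reg_key in pairs:
        cfg_val = str(appservice.get(cfg_key) or "")
        reg_val = str(registration.get(reg_key) or "")
        if not cfg_val or not reg_val:
            problems.append(f"{cfg_key}: missing in config or registration")
        elif cfg_val != reg_val:
            if cfg_val.strip() == reg_val.strip():
                detail = "differs only by surrounding whitespace"
            elif cfg_key.endswith("_token"):
                # Never echo the secret itself, only a fingerprint of it.
                detail = (f"config {fingerprint(cfg_val)} vs "
                          f"registration {fingerprint(reg_val)}")
            else:
                detail = f"config {cfg_val!r} vs registration {reg_val!r}"
            problems.append(f"{cfg_key}: {detail}")
    listed = [p.strip() for p in homeserver.get("app_service_config_files") or []]
    if registration_path not in listed:
        problems.append(f"{registration_path} not in app_service_config_files")
    return problems

# Constructed sample data shaped like the files in this issue (tokens are made up).
CONFIG = {"appservice": {"id": "signal", "address": "http://localhost:29328",
                         "as_token": "constructed-as-token",
                         "hs_token": "constructed-hs-token"}}
REGISTRATION = {"id": "signal", "url": "http://localhost:29328",
                "as_token": "constructed-as-token-OLD",  # stale copy
                "hs_token": "constructed-hs-token"}
REG_PATH = "/home/pi/synapse-oagt/signal/registration.yaml"
HOMESERVER = {"app_service_config_files": [REG_PATH]}

if __name__ == "__main__":
    for line in check_registration(CONFIG, REGISTRATION, HOMESERVER, REG_PATH) or ["ok"]:
        print(line)
```

Matching files are not sufficient on their own: Synapse reads the files listed in `app_service_config_files` at startup, so the homeserver has to be restarted after the registration changes.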

JosuaCarl commented 2 years ago

Never mind, somehow the third reboot of the computer did it. I'm marking this as resolved.