diff --git a/http/handler/api/rtmp.go b/http/handler/api/rtmp.go
index ccc49b8c..57958641 100644
--- a/http/handler/api/rtmp.go
+++ b/http/handler/api/rtmp.go
@@ -1,7 +1,6 @@
 package api
 
 import (
-	"errors"
 	"net"
 	"net/http"
 
@@ -71,8 +70,8 @@ func (rtmph *RTMPHandler) Play(c echo.Context) error {
 
 	r, err := rtmph.rtmp.PlayFLV(addr, u)
 	if err != nil {
-		var rtmperr rtmp.PlayError
-		if errors.As(err, &rtmperr) {
+		rtmperr, ok := err.(*rtmp.PlayError)
+		if ok {
 			status := http.StatusInternalServerError
 			switch rtmperr.Message {
 			case "FORBIDDEN":
diff --git a/rtmp/rtmp.go b/rtmp/rtmp.go
index 5dc2a017..751d7ff6 100644
--- a/rtmp/rtmp.go
+++ b/rtmp/rtmp.go
@@ -250,7 +250,7 @@ func (s *server) play(remote net.Addr, u *url.URL) (*channel, string, string, er
 	resource := playpath
 
 	if !s.iam.Enforce(identity, domain, "rtmp", resource, "PLAY") {
-		return nil, identity, playpath, &PlayError{"FORBIDDEN", "", playpath, "access denies", nil}
+		return nil, identity, playpath, &PlayError{"FORBIDDEN", "", playpath, "access denied", nil}
 	}
 
 	// Look for the stream
@@ -512,6 +512,8 @@ func (s *server) findIdentityFromStreamKey(key string) (string, error) {
 	if ok, err := identity.VerifyServiceToken(token); !ok {
 		if err != nil {
 			err = fmt.Errorf("invalid token: %w", err)
+		} else {
+			err = fmt.Errorf("invlid token")
 		}
 
 		if isDefaultIdentity {