We’re running a Meeting SDK bot on Linux x86_64 using SDK version v6.7.5.7391. Authentication via SDKAuth() with a JWT token was working fine until March 3, 2026, when it started returning AUTHRET_UNKNOWN (code 5) consistently. No code changes were made.
Setup:
-
Platform: Linux x86_64 (Docker container)
-
SDK version: v6.7.5.7391 (latest)
-
App type: General app / User Managed
-
App status: Draft, Active for internal users
-
Authentication method:
IAuthService::SDKAuth()withAuthContext.jwt_token
JWT payload format:
{
"alg": "HS256",
"typ": "JWT"
}
{
"appKey": "<Client ID>",
"iat": <now - 30>,
"exp": <iat + 86400>,
"tokenExp": <iat + 86400>
}
Signed with Client Secret using HS256.
What we’ve verified:
-
Client ID (22 chars) and Client Secret (32 chars) are present and correct
-
JWT is well-formed (3 parts, valid structure)
-
System clock is accurate (no skew)
-
The meeting is hosted by a user within the same Zoom account that owns the app
-
InitSDK()returnsSDKERR_SUCCESS(0) -
SDKAuth()returnsSDKERR_SUCCESS(0), but theonAuthenticationReturncallback returnsAUTHRET_UNKNOWN(5)
What we’ve tried:
-
Using
AuthContext.publicAppKeywith Client ID instead of JWT — returnsAUTHRET_JWTTOKENWRONG(11) -
No code changes from working state last week
Questions:
-
Did the March 2, 2026 authorization enforcement change anything about SDK-level authentication via
SDKAuth()with JWT, even for same-account meetings? -
Is there a new required JWT payload field or authentication flow for native Linux SDK apps post-March 2?
-
Does a Draft / “Active for internal users” app need any additional configuration to continue authenticating after the March 2 changes?
-
Is
AuthContext.publicAppKeyintended as a replacement for JWT auth on native platforms, and if so, what value should it contain?
Any guidance is appreciated. Happy to provide SDK logs if needed.