Can't get SDK initialization to work using JWT

Description
I’m using the iOS SDK (with the ionic plugin modified to add jwt initialization). I find that the [authService sdkAuth] is failing if using a generated JWT, whereas using an API Key and shared secret it works ok.

The failure is that either the onMobileRTCAuth is not called at all, or onMobileRTCAuth returns with MobileRTCAuthError_Unknown.

I’ve tried generating the JWT using a number of different methods, but none work:

  • Directly at jwt.io
  • Using the .Net library System.IdentityModel.Tokens.Jwt (blessed at jwt.io)
  • Using some other methods online

Which version?
v4.6.21666.0603

To Reproduce (If applicable)

authService.jwtToken = jwt;
[authService sdkAuth];

The JWT is generated using the known working API key and shared secret for the SDK application in the marketplace.

Smartphone (please complete the following information):
Varies, but the specifications don’t seem to matter. Have tried on a couple of different devices with no luck

  • Device: iPad A1893
  • OS: iOS 13.6

Hey @gjudd

Thanks for using the dev forum!

I’m sorry that is happening, that must be very frustrating.

Let’s double-check a few things:

  1. Make sure if you are using the jwtToken that you remove the "authService.clientKey = " and "authService.clientSecret = " lines.
  2. Make sure the “exp”, “iat”, and “tokenExp” values are valid. I use https://www.epochconverter.com/ to get the current time, and I set exp and tokenExp to one day in the future for testing. jwt.io will verify if your dates are valid when you hover your cursor over the date.
  3. If you are using jwt.io, copy the JWT string directly (don’t use the share jwt string). I have also made the mistake in the past of posting the key in both the secret and key fields or vice versa.
  4. See if your jwt works in the ios sample app: https://github.com/zoom/zoom-sdk-ios.

Let me know what you find!
Michael

Hi Michael,

thanks for your reply. I have been busy working on some other projects, but I have some time to look into this. In answer to your above questions:

  1. yes we are removing the clientKey and clientSecret lines
  2. I believe that they are. I had pasted above the exact values I was using at the time I was doing the testing, and they looked ok. Mouse over showed that “iat” was the current date and time, and “tokenExp” was about 16 minutes later, and “exp” was some minutes later than that
  3. I have been copying directly the string
  4. I used the same jwt in the sample app, and it also failed (onMeetNow ret:150 which is I think the same error)

I will try using the values from epochconverter to create a jwt and report back shortly

regards, Gwyn

Hello,

one further detail, I have tried to create a jwt using jwt.io and the values created using epochconverter, in the ios sample app, and the same error results.

Screenshot below showing the jwt:

Regards, Gwyn

Hey @gjudd,

Thank you for getting back to me with that info. Firstly, your JWT looks good in that final screenshot. So there are some more things we have to check. When you go to the Zoom Marketplace, there are actually two different spots where there would be a key and secret. There is an “API key and secret” and an “SDK key secret”.

I know it is confusing how these are named, but when creating a JWT for the SDK usage, you need to use the SDK key and secret and not the API key and secret. The other thing is tokenEXP must be at least 30 minutes in the future. Just for testing I would set both exp and tokenExp to be 24 hours ahead of the current time.

One other thing, the error you mentioned in number 4 is a meeting error not an SDK authentication error, so I am curious if the sample app authorized your JWT correctly, but failed to authenticate starting a meeting.

Let me know if you are still having issues!
Michael

Hi @gjudd, For creating JWT with NodeJS I am using https://www.npmjs.com/package/jsonwebtoken :-

var jwt = require('jsonwebtoken');

var expiry = Math.floor(Date.now() / 1000) + 3600; // JWT validity 1 hour; "exp" is in seconds since the epoch, not milliseconds
var payload = {
  "iss": API_KEY, // replace API_KEY with your API_KEY
  "exp": expiry
};

var jwtToken = jwt.sign(payload, API_SECRET); // replace API_SECRET with your API_SECRET

NOTE : In my case SDK_KEY and SDK_SECRET did not work.

Hi Michael,

thanks for this reply. I am certainly using the SDK key and secret and not the API key and secret. I used the wrong wording in my initial post on this topic. Note, I can use this same key and secret to initialize the SDK, it is only if they are used to generate a JWT that the issue occurs.

regards, Gwyn

Hey @dmckelvie,

Thanks for using the dev forum!

Could you share your header and payload? Please replace your sdkSecret and sdkKey with “SDKSecret” and “SDKKey” before posting.

Thanks!
Michael

Hi Michael,

the problem seems to be resolved for me now. Our backend developer has done some changes to the way the JWT is being generated and it seems to be working. Sorry I cannot provide too much more detail on what had changed. I will keep monitoring to see if it comes back but for now you probably can close this.

Thanks for your attention,
Regards, Gwyn

Hi Michael,

sorry I just realised that one of the replies (from dmckelvie) is actually from me. I was actually logged into zoom.us using a different user for testing and that is what happened.

regards, Gwyn

Hey @gjudd

Awesome, I am glad you got it working!

Let us know if you run into any other issues.
Michael

Not sure if this still applies, but in the jwt.io screenshot, you are using appKey. But the documentation as of this date shows “app_key”:

https://marketplace.zoom.us/docs/sdk/custom/auth

I had the same problem and just replaced “app_key” with “appKey” and this fixed my problem. I think you need to update your documentation. It also needs to be updated here:

/docs/sdk/native-sdks/auth

Hey @AndroidDev,

Ahh thank you so much for catching that. We have updated the payload example for the client SDK. However, the fully customizable SDK should be using “app_key”.

Thanks!
Michael
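
The checks this thread walks through (secret used for signing, the “appKey” claim name, timestamps in seconds, tokenExp at least 30 minutes ahead) can be run server-side before a token is handed to the app. The following is an added example, not code from any post above or from Zoom: the function names signSdkJwt and checkSdkJwt are hypothetical, HS256 is assumed as the signing algorithm, the key and secret are the “SDKKey”/“SDKSecret” placeholders, and the milliseconds test is a heuristic.

```javascript
// Added example: placeholder key/secret values, not real credentials.
const crypto = require('crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const hmac = (data, secret) =>
  crypto.createHmac('sha256', secret).update(data).digest();

// Build an HS256 token with the claims named in the thread.
// All times are Unix seconds (not the milliseconds Date.now() returns).
function signSdkJwt(sdkKey, sdkSecret, nowSec, ttlSec = 24 * 3600, keyClaim = 'appKey') {
  const header = { alg: 'HS256', typ: 'JWT' };
  const payload = {
    [keyClaim]: sdkKey,
    iat: nowSec,
    exp: nowSec + ttlSec,
    tokenExp: nowSec + ttlSec,
  };
  const input = b64url(JSON.stringify(header)) + '.' + b64url(JSON.stringify(payload));
  return input + '.' + b64url(hmac(input, sdkSecret));
}

// Return a list of problems, one per check discussed in the thread.
function checkSdkJwt(token, sdkSecret, nowSec, keyClaim = 'appKey') {
  const problems = [];
  const parts = token.split('.');
  if (parts.length !== 3) return ['not a three-part JWT'];
  const [h, p, sig] = parts;
  const expected = hmac(h + '.' + p, sdkSecret);
  const got = Buffer.from(sig, 'base64url');
  if (got.length !== expected.length || !crypto.timingSafeEqual(got, expected))
    problems.push('signature does not match this secret');
  let claims;
  try { claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8')); }
  catch { return problems.concat('payload is not JSON'); }
  if (!(keyClaim in claims)) problems.push(`missing "${keyClaim}" claim`);
  for (const c of ['iat', 'exp', 'tokenExp']) {
    if (!Number.isInteger(claims[c])) problems.push(`${c} missing or not an integer`);
    else if (claims[c] > 1e11) problems.push(`${c} looks like milliseconds`);
  }
  if (claims.exp <= nowSec) problems.push('exp is in the past');
  if (claims.tokenExp < nowSec + 30 * 60) problems.push('tokenExp is less than 30 minutes ahead');
  return problems;
}
```

An empty list from checkSdkJwt means the token passes these local checks only; the SDK's own authentication result is still the authority.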