Client SDK Invalid Signature errorCode:200 PHP

Thanks everyone for your support.

@chunsiong.zoom Not the case but good thinking. That was a JWT app already working, the request was complete.

@j.schoenemeyer I tried that code too, the code I implemented as an example is just one of the many, actually the older, so yes, as you say, not good as it was for JWT Token and not SDK.
I also found at least two other similar examples to work with PHP and generate an SDK JWT Token but all of them were using third party software for encryption which I can’t use here.

Bottom line, I managed to crack it yesterday evening and the issue was a mixing of the right code and the right version together. Apparently, at some point, a version was developed which requires a specific header and payload to get a signature with the secret key.
My mistake was to try the new code with an older version first and then update the version and try again with older and incomplete code.

I am posting the final working result to request a valid SDK JWT Signature without using third party software.

<?php
$sdk_key        = $_REQUEST["sdkKey"];  // This could be sdkKey or Client Id in the newest v. 2.10.1
$sdk_secret     = " Your Secret key "; // This could be sdkKey secret or Client Secret in the newest v. 2.10.1

$meeting_number = $_REQUEST["meeting_number"];
$role           = $_REQUEST["role"];

// base64url: standard base64 with '+/' replaced by '-_' and the '=' padding stripped
function base64url_encode($str) {
    return rtrim(strtr(base64_encode($str), '+/', '-_'), '=');
}

$headers = array(
    'alg' => 'HS256', // alg is required
    'typ' => 'JWT'
);

date_default_timezone_set("UTC");
$time = time() - 30;      // issued-at, set 30 seconds in the past
$exp  = $time + 3600 * 2; // expires two hours after iat

$payload = array(
    'sdkKey'   => $sdk_key,
    'mn'       => $meeting_number, // meeting number that you send via post request
    'role'     => $role,           // 0 guest or 1 host via post request
    'iat'      => $time,
    'exp'      => $exp,
    'appKey'   => $sdk_key,
    'tokenExp' => $exp,
);

$key = $sdk_secret;

// Builds header.payload.signature, signing the two encoded segments with HMAC-SHA256
function generate_jwt($headers, $payload, $key) {
    $headers_encoded = base64url_encode(json_encode($headers));
    $payload_encoded = base64url_encode(json_encode($payload));

    // raw binary HMAC (last argument true), then base64url-encoded
    $signature = hash_hmac('SHA256', "$headers_encoded.$payload_encoded", $key, true);
    $signature_encoded = base64url_encode($signature);

    return "$headers_encoded.$payload_encoded.$signature_encoded";
}

$jwt = generate_jwt($headers, $payload, $key);

echo $jwt;
?>

JS code previously posted did not change, just the PHP code to request the signature was changed.

Thanks everybody, I hope that helps someone else too.

1 Like
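
To check a token like the one generated in the post above before handing it to the Client SDK, this added example (not code from the original post or from Zoom) recomputes the HS256 signature with the same secret and validates the `iat`, `exp` and `role` claims using only built-in PHP functions. The function names, the secret and all claim values are constructed for illustration.

```php
<?php
// Added example. Function names and all sample values are constructed.
function b64url_decode(string $s): string {
    $s = str_pad(strtr($s, '-_', '+/'), strlen($s) + (4 - strlen($s) % 4) % 4, '=');
    $bin = base64_decode($s, true);
    if ($bin === false) throw new RuntimeException('segment is not base64url');
    return $bin;
}

function verify_sdk_jwt(string $jwt, string $secret, ?int $now = null): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) throw new RuntimeException('expected header.payload.signature');
    [$h, $p, $sig] = $parts;
    // Pin the algorithm instead of trusting whatever the header says.
    $header = json_decode(b64url_decode($h), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        throw new RuntimeException('alg must be HS256');
    }
    // Recompute the HMAC over the exact encoded segments; compare in constant time.
    $expected = hash_hmac('sha256', "$h.$p", $secret, true);
    if (!hash_equals($expected, b64url_decode($sig))) {
        throw new RuntimeException('signature mismatch (wrong secret or altered token)');
    }
    $c = json_decode(b64url_decode($p), true);
    $now = $now ?? time();
    if (!is_array($c) || !isset($c['iat'], $c['exp']) || $c['iat'] > $now || $c['exp'] <= $now) {
        throw new RuntimeException('iat/exp missing or outside the validity window');
    }
    if (!in_array($c['role'] ?? null, [0, 1, '0', '1'], true)) {
        throw new RuntimeException('role must be 0 (guest) or 1 (host)');
    }
    return $c;
}

$enc = fn(string $x): string => rtrim(strtr(base64_encode($x), '+/', '-_'), '=');
$secret = 'constructed-example-secret';   // placeholder, not a real SDK secret
$claims = ['sdkKey' => 'EXAMPLE_SDK_KEY', 'mn' => '1234567890', 'role' => 0,
           'iat' => time() - 30, 'exp' => time() + 7200];
$h = $enc(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
$p = $enc(json_encode($claims));
$sig = $enc(hash_hmac('sha256', "$h.$p", $secret, true));
print_r(verify_sdk_jwt("$h.$p.$sig", $secret));
// Same signature, payload edited to role 1: must be rejected.
$edited = $enc(json_encode(['role' => 1] + $claims));
try {
    verify_sdk_jwt("$h.$edited.$sig", $secret);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

A token that passes this check with one secret and fails with another points at a key/secret mismatch rather than at the header or payload layout.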