Decoding the web url pwd for the web sdk

Description
I want the web SDK to be able to join a meeting with the pwd url password. If a user is sent the url with the pwd in it, then they are being explicitly granted access to a meeting. Adding a new barrier for the web sdk doesn’t introduce more security, just complexity.

Can someone tell me how to convert the pwd into a plaintext password? Or even better because I really don’t want to do that, allow anyone that has been sent the URL access to the web sdk using the url pwd password.

Hey @lja,

Thank you for reaching out to the Zoom Developer Forum. Good question! We don’t have a method to decrypt the password from the join_url / start_url as that field is processed internally by the Zoom Clients.

If you wanted to have links to join your meeting via the Web SDK, you’ll want to create your own routing system that is able to handle the parameters in the URL for your website so that your code can join the meeting in a similar fashion to how the Web Client works.

I hope that helps! Let me know if you have any questions. :slightly_smiling_face:

Thanks,
Max

Hey Max,

I really don’t mind putting in the effort to do whatever it takes to get a pwd password to be accepted by the Web SDK but I don’t understand the suggestion you made.

Are there docs or examples of what I should do to get this working?

Thanks,
Luke

Hey @lja,

Thank you for your question. Just to be clear, there isn’t a way to use the pwd parameter from the join_url or start_url with the Web SDK. Instead, I was saying this is something you would need to implement. That would mean encrypting your password from plain text, providing users with a link to your website and having logic to handle that link and open the Web SDK accordingly.

If you just need to obtain a plain text version of the password and you’re not worried about routing users through your website, you can use the password field from the Get a Meeting API.

image

Let me know if that helps.

Thanks,
Max

To be totally clear, I’m parsing my email invites into the web sdk for an app I’m building and the passcode is in the email but typically it’s mixed between "Passcode: " and "Password: " but there are a number of ways people can include the password, or not at all and just use the URL with the double base64 pwd field.

Can I use the Get a Meeting API for meetings that I’m not the host of but just a participant?

Hey @lja,

Thank you for your question. You can’t call the Get a Meeting API for a meeting that you are a participant of unless you have an OAuth app that the host has installed on their account and you call the API on their behalf.

If you’re parsing emails, you may want to look into using regular expressions but as you mentioned this may not cover all use cases based on how the invite is sent to you.

Thanks,
Max

Just for my own understanding, is there a reason why the pwd field isn’t available for the Web SDK? I know it’s not a security constraint because it essentially gives someone access to the private information (the meeting) but I’m just struggling to understand what the advantages of that limitation are.

Hey @lja,

The pwd parameter was implemented for our Web Client specifically whereas the Web SDk is intended for building out your own Web Client where you could implement this feature if necessary. In other words, I don’t think there is a reason this hasn’t been included it just hasn’t been on our roadmap so far.

If you would like this feature to be considered for a future release, I recommend posting in the #feature-requests category.

Thanks,
Max

For those that find this after me, I would appreciate an upvote:

Search keywords: url encryption, pwd websdk, pwd encryption, double base64, binary pwd

Hey @lja,

Thank you for submitting a feature request!

Thanks,
Max

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.