Error: The Token's Signature resulted invalid when verified using the Algorithm: HmacSHA256

I’m trying to authenticate with the Zoom API using C# and a JWT.io library (System.IdentityModel.Tokens.Jwt). When I use the token generated in the App Marketplace under JWT > App Credentials I can retrieve info from https://api.zoom.us/v2/users, so I know my request to the API is fine. The problem I’m having is with generating a valid token. I’ve verified multiple times that my API Key and API Secret are both correct and are being passed into the correct variables.

Here is my C# code for generating the token. Am I missing something? My header and payload look fine, and I’ve tried both SecurityAlgorithms.HmacSha256Signature and SecurityAlgorithms.HmacSha256 to no avail.

protected static string GenerateJSONWebToken()
    {
        var symmetricKey = Convert.FromBase64String(ApiSecret);
        var tokenHandler = new JwtSecurityTokenHandler();
        tokenHandler.SetDefaultTimesOnTokenCreation = false;

        var now = DateTime.UtcNow;
        var tokenDescriptor = new SecurityTokenDescriptor
        {
            Issuer = ApiKey,
            Expires = now.AddSeconds(30),
            SigningCredentials = new SigningCredentials(
                new SymmetricSecurityKey(symmetricKey),
                SecurityAlgorithms.HmacSha256Signature),
        };

        var stoken = tokenHandler.CreateToken(tokenDescriptor);
        var token = tokenHandler.WriteToken(stoken);

        return token;
    }

Hey @justin_holton,

Have you tried googling the error? Checkout this stackoverflow:

Thanks,
Tommy

Of course. I googled for hours. I’ve since figured out the issue was the Convert.FromBase64String() function. Rather than converting from base 64 I simply converted the “API Secret” as a normal string and that did the trick. If anyone is using C# and needs a function to generate your JWT, I can confirm this code works for me.

protected static string GenerateJSONWebToken()

{
var symmetricKey = Encoding.ASCII.GetBytes(ApiSecret);
var tokenHandler = new JwtSecurityTokenHandler();

var now = DateTime.UtcNow;
var tokenDescriptor = new SecurityTokenDescriptor
{
	Issuer = ApiKey,
	Expires = now.AddSeconds(10),
	SigningCredentials = new SigningCredentials(
		new SymmetricSecurityKey(symmetricKey),
		SecurityAlgorithms.HmacSha256Signature),
};

var stoken = tokenHandler.CreateToken(tokenDescriptor);
var token = tokenHandler.WriteToken(stoken);

return token;

}

It would have been nice if Zoom provided this code in their JWT documentation under “Sample Code.” The sample code provided instead is just a generic API call with no indication on how to generate the JWT. For that I had to google. Don’t get me wrong, Zoom’s sample code is useful but it would have been a lot more useful if the JWT section actually had JWT sample code.

2 Likes

Hey @justin_holton,

Glad you figured out the issue! We will add JWT Token creation examples to our docs! :slight_smile:

CC @shrijana.g

Thanks,
Tommy

1 Like

Thank you @justin_holton for making us aware of this. We will add this request to our backlog and ensure that the JWT creation step is clearly explained in our docs.

Hi, i have the same issue, but i’m using postman with the request for get a user, i used the credentials in View JWT Token, the expiration date is for tomorrow

Hey @acandela,

Can you try regenerating your JWT Secret Key and trying again?

Thanks,
Tommy