Getting error signature is invalid

Getting error signature is invalid if the computer local clock is running behind the current time.

How to make the signature not time sensitive?

image

function GenerateSignature() {
ZoomMtg.generateSDKSignature({
meetingNumber: meetingConfig.meetingNumber,
sdkKey: meetingConfig.apiKey,
sdkSecret: meetingConfig.secretkey,//‘OhtsaVqifsv18EfDwH19Y9ZRQ5SFAUT8dICZ’,
role: meetingConfig.role,
success: function (res) {
console.log(res.result);
meetingConfig.signature = res.result;
beginJoin(meetingConfig.signature);
},
});
};

how big is the time difference between the computers?

does the signature work if the computers are time-synchronized?

the normally used function has a time tolerance of (-30s … 2h)

const KJUR = require('jsrsasign')
// https://www.npmjs.com/package/jsrsasign
function generateSignature(sdkKey, sdkSecret, meetingNumber, role) {

  const iat = Math.round((new Date().getTime() - 30000) / 1000)
  const exp = iat + 60 * 60 * 2
  const oHeader = { alg: 'HS256', typ: 'JWT' }

  const oPayload = {
    sdkKey: sdkKey,
    mn: meetingNumber,
    role: role,
    iat: iat,
    exp: exp,
    appKey: sdkKey,
    tokenExp: iat + 60 * 60 * 2
  }

  const sHeader = JSON.stringify(oHeader)
  const sPayload = JSON.stringify(oPayload)
  const sdkJWT = KJUR.jws.JWS.sign('HS256', sHeader, sPayload, sdkSecret)
  return sdkJWT
}

Jürgen

@sarita.joshi,

When the local clock is running at the current time, does the error occur? My thought is you would likely have to do some massaging to the ‘iat’ property of the signature function, as the solution would be specific to your use case.

Error does not occur if clock is running at current time.