Currently we have built an iOS and Android app using Zoom SDK to host and join meeting. In our mobile app, we host/join meeting using ZAK token and everything works fine.
However, i notice that in the web SDK, joining meeting requires a signature generated from API_KEY and API_SECRET. From my understanding, the signature does not contain any information about the user.
So my question is what is the identity of a user who joins a meeting using signature through web SDK?
I am aware that in the join meeting API, you can include UUID or email. However, does this means that if I know the UUID or email of another user, I can pose as the user and join a meeting using his UUID and email together with a valid signature?
We need the identity of the user because we are using an enterprise account in an enterprise setting, so it is important to know who is joining each meeting. Thanks!
The JWT API_KEY and API_SECRET are tied to the developer who is using the SDK in their app.
The beauty of the Web SDK is that no account / identity is needed for users to join meetings via the Web SDK which allows you to customize the experience / tracking within your app.
Depending on your use case of integrating the Web SDK, you can have the user enter their Zoom email, or handle that with code if they arelogged into Zoom on your account.
