Currently we have built an iOS and Android app using Zoom SDK to host and join meeting. In our mobile app, we host/join meeting using ZAK token and everything works fine.
However, i notice that in the web SDK, joining meeting requires a signature generated from API_KEY and API_SECRET. From my understanding, the signature does not contain any information about the user.
So my question is what is the identity of a user who joins a meeting using signature through web SDK?
I am aware that in the join meeting API, you can include UUID or email. However, does this means that if I know the UUID or email of another user, I can pose as the user and join a meeting using his UUID and email together with a valid signature?
We need the identity of the user because we are using an enterprise account in an enterprise setting, so it is important to know who is joining each meeting. Thanks!