I am able to join a meeting that requires registration without registering

API and Webhooks
1

Description
I am creating meetings with approval_type: 0 and registration_type: 3. On creating a registration I get the join url, and send it to the registered user. The join url includes the meeting id, registrant token, and encrypted password so that they can join the meeting with one click.

Error
Anyone can just take the meeting id and encrypted password from the join url and access the meeting without registering. There are two problems here:

  1. Joining the meeting doesn’t actually require a registrant token.
  2. The encrypted password can be typed in as-is (without decrypting it), and it is accepted.

Which App Type (OAuth / Chatbot / JWT / Webhook)?
JWT

Which Endpoint/s?
POST /users/{userId}/meetings
POST /meetings/{meetingId}/registrants

How To Reproduce (If applicable)

Screenshots (If applicable)

Additional context

2

Hey @Bright,

Let me know if this clears up the confusion. If you are logged into your browser as the meeting host, and click on the participants unique registration join_url, or a constructed join_url, you will be admitted to the meeting, but as the host / creator of the meeting since your Zoom session overrides the participant join url. Basically Zoom detects the meeting host is already logged in, and then starts the meeting.

I tested this using an incognito browser that I (the meeting host) was not signed into, and the flow was expected, I was directed to register for the meeting:

Screen Shot 2020-07-14 at 3.34.59 PM
Screen Shot 2020-07-14 at 3.34.59 PM3584×2278 545 KB

Try exactly what you were doing, but either make sure you are logged out of your Zoom account on your browser, or use a private browsing session to emulate the participant not being logged into the host account.

Let me know what you see. :slight_smile:

Thanks,
Tommy

3

I am not logged into a zoom account and am able to access meetings that require registration by using the meeting id and then typing in the encrypted password.

4

Here are the steps:

  1. Someone sends you (or tweets) their join url of the form https://zoom.us/w/[meetingId]?tk=[registrationToken]&pwd=[encryptedPassword]
  2. You open your zoom app, logged in as someone who has not registered for this meeting
  3. Click join meeting, type in the meetingId
  4. You are prompted for a password, you type in the encryptedPassword
  5. You’re in. No registration necessary
5

@Bright

1] If you enter the encrypted password, it will still ask you to register for the meeting.

2] Once you give your name and email, then it will let you enter the email only if the approval is automatic.

3] If the approval is manual, then after you register, you will have to wait until your registration is approved by the host.

I hope this helps.

6

No this actually not true. It does not ask me to register, it allows me to enter the meeting without asking me to register. Do I need to send you a screen recording?

7

Hi @Bright,

If you’re seeing an instance where one of the above points is not observed, an example would help us to take a closer look!

Thanks,
Will

1 Like
9

Hello, has this been resolved? I’m having the same issue.

1 Like
10

Hi @drew.albert,

Can you share more details on what you’re seeing? I’m happy to look into this for you. If you can provide the steps to reproduce or an example, this will help.

Thanks!
Will

11

I also am seeing this behavior. If you have the meeting id and the password from the approval email from the registration, you can pass it along to someone else and they can enter the meeting

12

Hi @lindajcasey,

Can you share an example with our technical support team here so that they can help look into this for you?

Thanks,
Will

13

Can you explain with more details. I have a similar problem, some meetings redirect me to register page of this meeting, although I selected approval_type: 0, but when I open an incognito browser, referrence opens correctly without registration to meeting. Why this is happens and how to resolve this problem?

14

Hey @meirzhan-250,

Thank you for reaching out to the Zoom Developer Forum. I know that you saw my response in our other post but I wanted to link that solution here to keep the information available for those searching:

Thanks,
Max

15

I’m curious about this topic. My situation is, I created a scheduled meeting and require the participants to register with manual approval. My question is, how can I invite the speaker if he doesn’t follow the registration process?

16

Hi @cordagz,

By speaker, do you mean the meeting host? If so, they should be able to join using the start_url returned by the Create/GET meeting APIs.

Let me know if this is what you’re referring to—thanks!
Will

17

Hello,

I am the host actually, then we invited a resource speaker for the seminar but he refused to register. He just wants the zoom link for him to join.

18

Hi @cordagz,

If registration is required, the user will need to be registered to join.

Thanks,
Will

19

@will.zoom I am dealing with a similar situation. I’ve enabled registration for an event, but I want to provide speakers with a direct link to the session instead of making them sign for the event. How can we achieve this? If so, how?

Thanks

20

@kivilcimser You can try calling the Add a Webinar Registrant API for the speakers to add them as registrants automatically.