I am creating meetings with approval_type: 0 and registration_type: 3. On creating a registration I get the join url, and send it to the registered user. The join url includes the meeting id, registrant token, and encrypted password so that they can join the meeting with one click.
Anyone can just take the meeting id and encrypted password from the join url and access the meeting without registering. There are two problems here:
- Joining the meeting doesn’t actually require a registrant token.
- The encrypted password can be typed in as-is (without decrypting it), and it is accepted.
Which App Type (OAuth / Chatbot / JWT / Webhook)?
How To Reproduce (If applicable)
Screenshots (If applicable)