I am able to join a meeting that requires registration without registering

API and Webhooks
#1

Description
I am creating meetings with approval_type: 0 and registration_type: 3. On creating a registration I get the join url, and send it to the registered user. The join url includes the meeting id, registrant token, and encrypted password so that they can join the meeting with one click.

Error
Anyone can just take the meeting id and encrypted password from the join url and access the meeting without registering. There are two problems here:

  1. Joining the meeting doesn’t actually require a registrant token.
  2. The encrypted password can be typed in as-is (without decrypting it), and it is accepted.

Which App Type (OAuth / Chatbot / JWT / Webhook)?
JWT

Which Endpoint/s?
POST /users/{userId}/meetings
POST /meetings/{meetingId}/registrants

How To Reproduce (If applicable)

Screenshots (If applicable)

Additional context

#2

Hey @Bright,

Let me know if this clears up the confusion. If you are logged into your browser as the meeting host, and click on the participants unique registration join_url, or a constructed join_url, you will be admitted to the meeting, but as the host / creator of the meeting since your Zoom session overrides the participant join url. Basically Zoom detects the meeting host is already logged in, and then starts the meeting.

I tested this using an incognito browser that I (the meeting host) was not signed into, and the flow was expected, I was directed to register for the meeting:

Screen Shot 2020-07-14 at 3.34.59 PM
Screen Shot 2020-07-14 at 3.34.59 PM3584×2278 545 KB

Try exactly what you were doing, but either make sure you are logged out of your Zoom account on your browser, or use a private browsing session to emulate the participant not being logged into the host account.

Let me know what you see. :slight_smile:

Thanks,
Tommy

#3

I am not logged into a zoom account and am able to access meetings that require registration by using the meeting id and then typing in the encrypted password.

#4

Here are the steps:

  1. Someone sends you (or tweets) their join url of the form https://zoom.us/w/[meetingId]?tk=[registrationToken]&pwd=[encryptedPassword]
  2. You open your zoom app, logged in as someone who has not registered for this meeting
  3. Click join meeting, type in the meetingId
  4. You are prompted for a password, you type in the encryptedPassword
  5. You’re in. No registration necessary
#5

@Bright

1] If you enter the encrypted password, it will still ask you to register for the meeting.

2] Once you give your name and email, then it will let you enter the email only if the approval is automatic.

3] If the approval is manual, then after you register, you will have to wait until your registration is approved by the host.

I hope this helps.

#6

No this actually not true. It does not ask me to register, it allows me to enter the meeting without asking me to register. Do I need to send you a screen recording?

#7

Hi @Bright,

If you’re seeing an instance where one of the above points is not observed, an example would help us to take a closer look!

Thanks,
Will

#9

Hello, has this been resolved? I’m having the same issue.

1 Like
#10

Hi @drew.albert,

Can you share more details on what you’re seeing? I’m happy to look into this for you. If you can provide the steps to reproduce or an example, this will help.

Thanks!
Will

#11

I also am seeing this behavior. If you have the meeting id and the password from the approval email from the registration, you can pass it along to someone else and they can enter the meeting

#12

Hi @lindajcasey,

Can you share an example with our technical support team here so that they can help look into this for you?

Thanks,
Will

#13

Can you explain with more details. I have a similar problem, some meetings redirect me to register page of this meeting, although I selected approval_type: 0, but when I open an incognito browser, referrence opens correctly without registration to meeting. Why this is happens and how to resolve this problem?

#14

Hey @meirzhan-250,

Thank you for reaching out to the Zoom Developer Forum. I know that you saw my response in our other post but I wanted to link that solution here to keep the information available for those searching:

Thanks,
Max