Description
I am creating meetings with approval_type: 0 and registration_type: 3. On creating a registration I get the join url, and send it to the registered user. The join url includes the meeting id, registrant token, and encrypted password so that they can join the meeting with one click.
Error
Anyone can just take the meeting id and encrypted password from the join url and access the meeting without registering. There are two problems here:
- Joining the meeting doesn’t actually require a registrant token.
- The encrypted password can be typed in as-is (without decrypting it), and it is accepted.
Which App Type (OAuth / Chatbot / JWT / Webhook)?
JWT
Which Endpoint/s?
POST /users/{userId}/meetings
POST /meetings/{meetingId}/registrants
How To Reproduce (If applicable)
Screenshots (If applicable)
Additional context