Description
I am creating meetings with approval_type: 0 and registration_type: 3. On creating a registration I get the join url, and send it to the registered user. The join url includes the meeting id, registrant token, and encrypted password so that they can join the meeting with one click.
Error
Anyone can just take the meeting id and encrypted password from the join url and access the meeting without registering. There are two problems here:
Joining the meeting doesn’t actually require a registrant token.
The encrypted password can be typed in as-is (without decrypting it), and it is accepted.
Which App Type (OAuth / Chatbot / JWT / Webhook)?
JWT
Which Endpoint/s?
POST /users/{userId}/meetings
POST /meetings/{meetingId}/registrants
Let me know if this clears up the confusion. If you are logged into your browser as the meeting host, and click on the participants unique registration join_url, or a constructed join_url, you will be admitted to the meeting, but as the host / creator of the meeting since your Zoom session overrides the participant join url. Basically Zoom detects the meeting host is already logged in, and then starts the meeting.
I tested this using an incognito browser that I (the meeting host) was not signed into, and the flow was expected, I was directed to register for the meeting:
Try exactly what you were doing, but either make sure you are logged out of your Zoom account on your browser, or use a private browsing session to emulate the participant not being logged into the host account.
I am not logged into a zoom account and am able to access meetings that require registration by using the meeting id and then typing in the encrypted password.
No this actually not true. It does not ask me to register, it allows me to enter the meeting without asking me to register. Do I need to send you a screen recording?
Can you share more details on what you’re seeing? I’m happy to look into this for you. If you can provide the steps to reproduce or an example, this will help.
I also am seeing this behavior. If you have the meeting id and the password from the approval email from the registration, you can pass it along to someone else and they can enter the meeting
Can you explain with more details. I have a similar problem, some meetings redirect me to register page of this meeting, although I selected approval_type: 0, but when I open an incognito browser, referrence opens correctly without registration to meeting. Why this is happens and how to resolve this problem?
Thank you for reaching out to the Zoom Developer Forum. I know that you saw my response in our other post but I wanted to link that solution here to keep the information available for those searching:
I’m curious about this topic. My situation is, I created a scheduled meeting and require the participants to register with manual approval. My question is, how can I invite the speaker if he doesn’t follow the registration process?
@will.zoom I am dealing with a similar situation. I’ve enabled registration for an event, but I want to provide speakers with a direct link to the session instead of making them sign for the event. How can we achieve this? If so, how?