Invalid signature (3712) with a published production General App when using Meeting SDK 6.0.2

Meeting SDK Web
,
1

Hi,

The topic is frequent, but no similar posts helped resolve this. The reduced problem / STR for us:

  • Have a General App that’s already been published, with the option for Meeting SDK enabled
  • Have the latest meetingsdk-web-sample running from GitHub (uses the latest Meeting SDK 6.0.2)
  • Try joining any meeting using said web sample and always get error 3712

Related app has the client ID of vDIjRI7JRme8VUJVAJ0qHw.

Things we tried / ensured:

  • The app has already been published and activated in production, so this can’t be the problem;
  • At the same time, using development credentials does work, but only for meetings hosted by internal accounts. External meetings yield error 4011 - that is, publishing required, which is expected.
  • Credentials from the old legacy Meeting SDK app work okay, but only for internal accounts - using meeting from external accounts yield 4012 (anonymous join error) - again, subject to publishing the app, which is impossible for this legacy app type.
  • The signature generation itself has been triple checked all around - JWT parameters match the ones we pass to join() function of @zoom/meetingsdk, the JWT signature itself is correct.
  • Regenerating the client secret in production does not help
  • Adding the reference General App to the Zoom account of a meeting owner doesn’t change anything, be it an external or internal account relative to the General App.
    • Odd behaviour is observed here: after a successful OAuth2 exchange the app never shows in the “added apps” section in native Zoom client, so it’s only possible to revoke the token from our own UI.

No sample code necessary as we can reproduce the issue with the Sample app that Zoom provides, and said Sample app works okay with multiple other credentials anyway, so it can generate the JWTs just fine. As a matter of fact, it uses both the appKey and sdkKey, while sdkKey is considered deprecated for recent Meeting SDK versions.

Any insight on this would be hugely welcome. We have end customers that are impacted by this.

Is it possible to reach anyone at Zoom to check whether the publishing state of our General App (marketplace ID KOqBO6fdSIuWo62WA_adMg) is actually okay?

2

@MeetingPulse since you are using meeting SDK web, can you capture a web tracking ID for me?

Screenshot 2023-11-16 at 2.54.58 PM
Screenshot 2023-11-16 at 2.54.58 PM2287×1110 410 KB

3

please tag me in your response @MeetingPulse

4

@chunsiong.zoom Thanks for taking your time on this!

An example tracking ID header for the failing response is v=2.0;clid=us02;rid=WEB_d281b5ac875d5184dc1191b36fc53dbe

This is however from the POST https://zoom.us/api/v1/wc/info request, which is the last meaningful request when failing to join. It has the same payload as in the request from your screenshot: meeting numbers, JWT signature and all, and the error as the response, so hopefully should act the same for debugging purposes.

This is from the Local flavour of the Web Sample.

20260515-zoom-failing-jwt
20260515-zoom-failing-jwt1916×959 246 KB

5

@MeetingPulse can you paste the jwt token here>?

Internal Ref: ZSEE-203455

6

@chunsiong.zoom Sure thing. The tokens the Sample App generates have a 2h TTL, so here’s a fresher example:

Tracking ID: v=2.0;clid=us02;rid=WEB_fa53ee7d8aa4ef7b4a45c2557ed1e856

JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcHBLZXkiOiJ2RElqUkk3SlJtZThWVUpWQUowcUh3Iiwic2RrS2V5IjoidkRJalJJN0pSbWU4VlVKVkFKMHFIdyIsIm1uIjo4MTcyMTgwNjA2LCJyb2xlIjowLCJpYXQiOjE3Nzg4MzE5MzAsImV4cCI6MTc3ODgzOTEzMCwidG9rZW5FeHAiOjE3Nzg4MzkxMzB9.r57-NuLMJgzX9e7dL8idV_2RQVHmzS9GsIYzGgxOaDY

Complete network log HAR file here

7

@MeetingPulse I’ll check this internally and get back to you, if you don’t hear from me after 1 week, do tag me in this post.