Joining meeting timeout. Signature is invalid - Web client SDK

Description
Able to authorise and create a meeting using web client SDK for the user account whose credentials(api key, secret)
is used inside the app. But for other zoom account, users are able to authorise but unable to create the meeting.

Getting Error Joining meeting timeout. Signature is invalid. error
Web Client SDK version - 1.9.5

Device

  • Device: [MAC]
  • OS: [iOS 10.15.1]
  • Browser: [Chrome]
  • Browser Version [91.0]

Hey @ckavin,

Thank you for reaching out to the Zoom Developer Forum. What you’re seeing is expected behavior as currently the Web SDK only allows you to host meetings created on the same account as the JWT App that was used for the API Key/Secret.

Let me know if you have any questions.

Thanks,
Max

Hello MaxM,
In the case where the meeting has to be created with same account to which the keys belong.
We want to create/start meetings from different zoom accounts. There is no use case inside the app, if the meeting can be created by only one person( keys belonging person) and other persons can join. In documentation, this limitation was not found.
Is there any solution for this problem or alternate possibility to avoid this scenario.

Hey @ckavin,

While the user that hosts the meeting must be on your account, you can host a meeting for any user under your account. It’s not limited to any one of your users.

If you wanted to start a meeting for a host outside of your account, you would need to obtain their JWT Key and Secret in order to generate a token for their account.

I hope that helps!

Thanks,
Max

Hello MaxM,
We need to configure the Zoom video SDK inside our app, where many users of different account will join. We can’t ask our users to share their JWT key and secrets when creating the meeting with collaborators. In our case required an option to start the zoom meeting using web sdk once the authorization with zoom is done. Is there any possibility or workaround to have this feature.

Hey @ckavin,

I want to clarify that you can only host meetings that are created on your account. If a user outside of your account only wanted to join that meeting then the Web SDK doesn’t have user authentication built in so they absolutely could join a meeting from your account.

Really, this just means the meeting needs to be created under your user. We don’t recommend asking clients for JWT credentials.

Let me know if you have any questions.

Thanks,
Max

hallo MaxM,
In my case i use one account to create and start zoom session, strangely i have uploaded my project in both different domain address (different hosting), both have different problem. Domain A, showing "Joining meeting timeout.
Signature is invalid. "When the hosts begin the meeting, I made a signature check on the console (Success signature: [REDACTED]), fyi A domain is not using SSL (just http) whether the cause of this error?

Then, in domain B, I managed to enter the meeting page but couldn’t activate the audio and video (disabled button join audio) and the video was blank/black. In the console I get the error message “Refused to create a worker from ‘blob:’ because it violates the following Content Security Policy directive: “default-src * data: ‘unsafe-eval’ ‘unsafe-inline’”. that ‘worker-src’ was not explicitly set, so ‘default-src’ is used as a fallback.” ,fyi domain B uses SSL (https). Can you help me solve this problem?

And finally, when I tried it on localhost, everything went smoothly, only the participant gallery didn’t display the participant’s video.

Hey @evendyx,

Thank you for reaching out to the Zoom Developer Forum.

The Web SDK does require HTTPS for Video/Audio sharing so you may see issues there.

I would make sure that the signature is being passed to the SDK correctly with domain A. Are you seeing any console errors here?

This sounds like a result of how the server on domain B is configured. Where are you hosting Domain A and Domain B? What kind of HTTP server are you using?

Thanks,
Max

Yes, I think I have complied with the documentation, my signature code was successfully created and the sdk is also correct passed to sdk (@zooms/websdk v1.9.6), the signature code has been successfully generated, while the error message is "{method: “join”, status: false, result: “Invalid signature.”, errorMessage: “Signature is invalid.”, errorCode: 3712}
errorCode: 3712
errorMessage: “Signature is invalid.”
method: “join”
result: “Invalid signature.”
status: false
".

For server B, I use http server from Apache v2.4.48

Hey @evendyx,

Are you able to share a code snippet of how you’re generating the signature? Further, does this work when using the Sample Web App?

Thanks,
Max

yes sure, this my code

import { ZoomMtg } from “…/…/…/…/node_modules/@zoomus/websdk”;

ZoomMtg.setZoomJSLib(‘https://source.zoom.us/1.9.6/lib’, ‘/av’);
ZoomMtg.preLoadWasm();
ZoomMtg.prepareJssdk();
// loads language files, also passes any error messages to the ui
ZoomMtg.i18n.load(‘en-US’);
ZoomMtg.i18n.reload(‘en-US’);

var API_KEY = process.env.MIX_ZOOM_API_KEY;
var API_SECRET = process.env.MIX_ZOOM_API_SECRET;
var LEAVE_URL = process.env.MIX_LEAVE_URL;

export default {
name: “HostZoomFrame”,
data: function() {
return {
src: “”,
meetConfig: {},
signature: {}
};
},
props: {
username: String,
email: String,
meetingId: String,
password: String
},
created: function() {
// Meeting config object
this.meetConfig = {
apiKey: API_KEY,
apiSecret: API_SECRET,
meetingNumber: this.meetingId,
userName: this.username,
userEmail: this.email,
passWord: this.password,
leaveUrl: LEAVE_URL,
role: 1,
};

// Generate Signature function
this.signature = ZoomMtg.generateSignature({
  meetingNumber: this.meetConfig.meetingNumber,
  apiKey: this.meetConfig.apiKey,
  apiSecret: this.meetConfig.apiSecret,
  role: this.meetConfig.role,
  success: function(res) {
    console.log("Success signature: " + res.result);
  }
});

// start function
ZoomMtg.init({
  leaveUrl: LEAVE_URL,
  isSupportAV: true,
  disableCORP: true,
  success: () => {
    ZoomMtg.join({
      meetingNumber: this.meetConfig.meetingNumber,
      userName: this.meetConfig.userName,
      signature: this.signature,
      apiKey: this.meetConfig.apiKey,
      userEmail: this.meetConfig.userEmail,
      passWord: this.meetConfig.passWord,
      success: function(res) {
        console.log("Join meeting success");
      },
      error: function(res) {
        console.log(res);
      }
    });
  },
  error: function(res) {
    console.log(res);
  }
});

},
mounted: function() {}
};

Hey @evendyx,

Thank you for sharing that! It looks like you’re using VueJS, correct? When it comes to some of these reactive frameworks, the implementation can be pretty specific to get around application bundlers.

We have an example of how you can implement the Web SDK with VueJS in our Sample Vue.js App.

Please use that code as a reference and test with that sample to ensure that you are able to start/join meetings.

Let me know if that helps.

Thanks,
Max

Hey @MaxM ,
thanks for replying to my complaint, previously I implemented it in a laravel project with vue.js the results were like yesterday, and earlier I’ve tried with the Sample Vue.js App that you referenced, well I’ve used it while on local it can, but when it’s on input to the server / hosting seems the same, and still an error. Here I attach a screenshot of it. FYI, I’m using https and this screenshoot after uploaded in may host/server. Thank you.


Hi @evendyx,

Can you ensure you’ve pointed all your resources/dependencies to your production server/instance from your development resources after deploying?

well, I’m sure I’ve uploaded all the data from the production results in the dist/ folder to my hosting.

Hi @evendyx,

In doing a quick search, it seems like these errors might be related to CSP headers. Are there any differences between how you’re handling these, or your security policies, on local vs prod?

Thanks,
Will

Hi @will.zoom
thank you will, I think it’s also related to CSP, but I don’t know if it’s because of my server or from the data source (*http://source.zoom.us/1.9.6/lib/…). On localhost everything works correctly. This problem appears when it is built (production mode) to the hosting / server. I hope this problem can be solved in the future. I’ve been looking for some solutions on various forums but unfortunately I haven’t found a solution.

Hey @evendyx,

Thanks for clarifying. It seems like the production server has CSP rules applied. Do you know if you have the access to change that on the server? Do you mind sharing what production server you are using?

If not, please send an email to developersupport@zoom.us with a link to this thread. In that email, you can share how you are hosting the application privately.

Thanks,
Max

thank you @MaxM ,
While waiting for a reply from my server provider, I’m also really waiting for the latest update from @zooms/websdk, especially recording access in web, and view gallery in zooms web client. I will email you if this csp related issue is not resolved. Thanks for the help.

Hey @evendyx,

When it comes to Cloud Recording, you should be able to use that with a Pro Plan or higher. For Gallery View, make sure that you are using Chrome and that you have enabled Web Isolation and are using HTTPS.

I hope that helps!

Thanks,
Max