JWT Authentication failure

Description
About two weeks ago I had an app successfully making API requests to Zoom using JWT which is now not working. I was able to take a look at an example of a failed API request using Fiddler and I saw that the response was a 401 Unauthorized with the body including the message

The Token can’t be used before Wed May 06 19:18:54 UTC 2020.

With Fiddler I could determine the JWT token my app generated and by entering the token into JWT.io I find that the value for nbf (not valid before) is

Wed May 06 2020 15:18:54 GMT-0400 (Eastern Daylight Time)

This is an exact four hour difference, which I’ve found consistent across other requests. Strangely, if I submit a similar API request (same endpoint, different body) using Postman, with the JWT token that my app generated, the call works as expected. The easiest solution would be to remove nbf from the JWT token, however the library I’m using (Microsoft’s IdentityModel framework) seems to have its own issues with that. Again, the app worked two weeks ago having nbf included.

So, in summary, my issue seems to be that the endpoint rejects my request due to the nbf value being later than the current time. However, I verified by looking at an intercepted request that the token has an appropriate nbf value.

If it helps, the endpoint I am requesting is https://api.zoom.us/v2/meetings/{meeting-id}/registrants

Screenshots (If applicable)
App HTTPS request

Postman HTTPS request

I tried setting the nbf value to an hour before the current time and that seems to have fixed the problem I was having. Funny how I can spend two days working on this and five minutes after making a forum post I seem to fix it myself. :man_shrugging:

2 Likes
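An added example, not code from the thread or from Zoom: a minimal HS256 issuer and verifier in Python showing how an `nbf` check fails when the verifier's clock is behind the issuer's, and how backdating `nbf` (the fix described above) or verifier-side leeway changes the result. It also shows that the two timestamps quoted in the first post denote the same instant. The secret, the `iss` value, the 30-second skew and the function names are constructed assumptions; the thread does not establish the actual cause of the rejection.

```python
import base64, hashlib, hmac, json
from datetime import datetime, timedelta, timezone

SECRET = b"constructed-demo-secret"  # constructed value, not a real API secret

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_token(issued_at: datetime, backdate: timedelta = timedelta(0)) -> str:
    """Build an HS256 JWT whose nbf is the issuer's clock minus `backdate`."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": "constructed-api-key",  # placeholder issuer
              "nbf": int((issued_at - backdate).timestamp()),
              "exp": int((issued_at + timedelta(minutes=5)).timestamp())}
    signing_input = ".".join(b64url(json.dumps(p).encode()) for p in (header, claims))
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def check_token(token: str, server_now: datetime, leeway: timedelta = timedelta(0)) -> str:
    """Verify the signature, then nbf/exp against the verifier's own clock."""
    signing_input, _, sig = token.rpartition(".")
    expected = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url(expected).encode(), sig.encode()):
        return "bad signature"
    payload = signing_input.split(".")[1]
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    nbf = datetime.fromtimestamp(claims["nbf"], timezone.utc)
    exp = datetime.fromtimestamp(claims["exp"], timezone.utc)
    if server_now + leeway < nbf:
        return f"not valid before {nbf.isoformat()}"
    if server_now - leeway >= exp:
        return "expired"
    return "ok"

# The two timestamps quoted in the first post, as timezone-aware values.
EDT = timezone(timedelta(hours=-4))
LOCAL_NBF = datetime(2020, 5, 6, 15, 18, 54, tzinfo=EDT)
UTC_NBF = datetime(2020, 5, 6, 19, 18, 54, tzinfo=timezone.utc)

# Constructed scenario: the issuing machine's clock runs 30 s ahead of the verifier.
SERVER_NOW = UTC_NBF - timedelta(seconds=30)

if __name__ == "__main__":
    print("same instant:", LOCAL_NBF == UTC_NBF)
    print("nbf = now:", check_token(make_token(UTC_NBF), SERVER_NOW))
    print("nbf = now - 1h:", check_token(make_token(UTC_NBF, timedelta(hours=1)), SERVER_NOW))
    print("60 s leeway:", check_token(make_token(UTC_NBF), SERVER_NOW, timedelta(seconds=60)))
```

Backdating `nbf` lengthens the token's validity window by the same amount, so a small backdate combined with a short `exp` and NTP-synchronised clocks keeps the window tight.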

Happy to hear you figured it out @namdev! :slight_smile:

Let us know if you have any other questions!

Thanks,
Tommy