Jwt error 5 returned from AuthWithJwtToken

Description
Failure to authenticate via JWT token.

Which version?
electron sdk v4.6.15088.0210

To Reproduce(If applicable)
I generated a JWT token using the following format:
Header:
{
“alg”: “HS256”,
“typ”: “JWT”
}
Payload:
{
“appKey”: (my app key),
“iat”: 1586616448,
“exp”: 1586702911,
“tokenExp”: 5000
}
Encoded Token:
HMACSHA256(
base64UrlEncode(header) + “.” +
base64UrlEncode(payload),
(my app secret)
)

After passing that encoding as a string to the JWT auth electron function:
return zoomauth.AuthWithJwtToken("(encoded token)");

My returned error code was 5:
(log) returned from auth: 5

Documentation could be clearer about error codes but from what I gather, it appears this is an unknown error and I should reach out to the dev forum for assistance. I’ve tried with both a basic account and pro account.

Any guidance on how to proceed with troubleshooting?

Thanks,
Nitin

@nraj have you looked over the demo code (for other examples of implementing the Electron SDK sir)?

Have you tried isolating this by using the auto-generated JWT token from within Marketplace and passing that into your zoomauth.AuthWithJwtToken() call? Do you get the same result?

Have you tried using SDK App and API Keys in Marketplace instead of the JWT?

Hi @bdeanindy - thanks for the quick response and assistance!

I have been looking at the demo code, especially when first structuring my project a few weeks back. Until now, I’ve been using the app and secret key directly via the zoomauth.SDKAuth(appkey, appsecret) call as the demo app does, and yes those have been working for me just fine.

It was as soon as I replaced the call to zoomauth.SDKAuth(appkey, appsecret) with zoomauth.AuthWithJwtToken(generatedtoken) that I started getting back error code 5. I just tried to use the auto generated JWT token from within marketplace and got the same result - error code 5.

One more test I just tried - I set up the newest demo app (clean with no changes from my end) from the recent zoom electron sdk release. I ran the app and tried to authenticate via JWT on the demo app, and the console logging showed error code 5 again:
AuthWithJwtToken 5

I used the generated JWT token from the marketplace for the test so not sure what could be going wrong here.

Hi nraj,

Thanks for the reply. The interface AuthWithJwtToken needs a JWT token that was generated from SDK key & secret. The JWT token from the Marketplace is used to authenticate with Zoom REST API(https://marketplace.zoom.us/docs/api-reference/introduction), it won’t work for SDK initialization.

You may refer to the instruction in https://github.com/zoom/zoom-sdk-electron/blob/master/CHANGELOG.md#new-sdk-initialization-method-using-jwt-token to generate the JWT token for SDK initialization.

Hope this helps. Thanks!

Hi @Carson_Chen - thanks for the reply and assistance!

Yes, I had originally followed the instructions on the page you’ve linked to generate my JWT tokens - I generated my JWT token initially from the appkey and app secret (see initial post for the format I used to generate the token) and then passed that token to AuthWithJwtToken to initialize the SDK in my app and received error code 5.

In addition to being unable to use my generated jwt token in my app, I tried this test on the unchanged demo app:

  1. Downloaded the latest zoom electron demo app (v4.6.15798.0403)
  2. Rebuilt and ran the demo app with no code changes
  3. Generated JWT token using the format outlined in my initial post (not the jwt from marketplace)
  4. In the demo app initial dialog I entered the domain, and then selected the “Auth with JWT token” option
  5. Entered the generated jwt token
  6. Nothing happened and console logging showed the following message:
    AuthWithJwtToken 5
  7. Using the app key and secret key directly works fine, and I’m taken to the next dialog

It appears I’m getting the same result on both my app and the demo app when trying to initialize the SDK with a JWT generated from my account sdk key and secret key - error code 5. But the sdk key and secret key work fine for initializing the SDK directly on both my app and the demo app.

One thing I wasn’t too sure about was the difference between exp and tokenExp. I set iat to current epoch time, and exp to epoch time of current time + 1 day. For tokenExp I set to 86400. So an example of the payload I just tried in my encoded jwt token:

{
“appKey”: “<my_app_key>”,
“iat”: 1586841706,
“exp”: 1586928106,
“tokenExp”: 86400
}

Any issues with that payload?

Any thoughts on how to troubleshoot this error code 5 further? Could it be an issue with my account?

Thanks,
Nitin

Hi Nitin,

Thanks for the detail reply. Please try to place a timestamp in the field “tokenExp” instead of a number, such as:

{
“appKey”: “<my_app_key>”,
“iat”: 1586841706,
“exp”: 1586928106,
"tokenExp": 1586928106
}

Hope this helps. Thanks!

1 Like

Hi Carson,

Thanks - that resolved the issue! Appreciate the quick solution :slight_smile:

Apologies for the confusion, I saw on a previous dev forum post that the tokenExp used seconds as a unit and minimum requirement was 1800 (30 min) - hence me setting it to 86400 as the number of seconds in one day.

Out of curiosity, is there any difference between exp and tokenExp?

Thanks again for your help!

Thanks,
Nitin

Hi Nitin,

Glad to hear that it is working now.

May I ask where did you find the info? I would like to provide a follow-up response to avoid having people confusing. And we will continue improving the documentation on this.

Good question :slight_smile: The Exp is the expiration time of the JWT token itself, if Exp < current timestamp, it means the token has expired. The tokenExp field is used to set how long will the SDK authentication last. If the SDK auth has expired, the corresponding callback will be triggered, and you will need to use a JWT token that has not expired to perform the authentication again.

Hope this helps. Thanks!

Hi @Carson_Chen, here’s a link to the post: iOS SDK JWT key not working

Got it, thanks for the info! Definitely helps. Appreciate the speedy assistance in these hectic times.

Glad to be helpful. Happy Zooming! :slight_smile:

Hi, I got the same status (5) return, could you help to check where I may missed?
Is “<” necessary for appKey?
Thank you!

{
“appKey”: “”,
“iat”: 1590055200,
“exp”: 1590062400,
“tokenExp”:1590062400
}

Hi @duochang,

The “<” is not necessary and will cause issues. The value to the “appKey” key in the payload should be your Zoom SDK app key passed as a string. So if your appKey was 123456789, your payload above should be:
{
“appKey”: “123456789”,
“iat”: 1590055200,
“exp”: 1590062400,
“tokenExp”:1590062400
}

If you’re still getting error code 5 with a payload like that, then we’ll need Carson’s expertise :smile:

Thanks,
Nitin

2 Likes

Hi @nraj,

I don’t know why failed yesterday but it works now, thank you very much for help!

1 Like

Hi @nraj, thanks for helping out! :smile:

@duochang Glad to hear that it is working now. Please let us know if you have any other questions. Thanks!

This section says “tokenExp”: long // token expire time, MIN:1800 seconds: https://marketplace.zoom.us/docs/sdk/native-sdks/android/mastering-zoom-sdk/sdk-initialization#composing-jwt-for-sdk-initialization

This confused me into thinking tokenExp should be set as the number of seconds before the token should expire? Would it be possible to update this page to indicate that tokenExp should be the timestamp when the token should expire?

Thanks for the feedback. Yes, the tokenExp should be the timestamp when the token should expire and it should be earlier than the timestamp of exp. I will forward this to the doc team to update the content. Thanks

1 Like