JWT expiration clarification

Description
I’m using a JWT to authenticate my Android Meeting SDK application. I’m hardcoding my JWT in my application only for development purposes (will not hardcode in production).

The documentation states that the exp and tokenExp values must be a minimum of 1800 seconds greater than the iat value, but when I set the tokenExp value to iat + 1800 and then use the JWT to initialize the SDK, I get error code: 1, internal error code: 0

I see in the documentation (screen shot below) that the iat should be set to the current time but since I’m hardcoding the JWT in my development app, there is a delay between when I issue the JWT and when it is actually used.

Interestingly, if I set the exp value to iat + 1800, even if iat is not equal to the current time, the JWT is valid.

It seems like minimum valid timestamps to initialize the SDK are,
exp = iat + 1800
tokenExp = currentTime + 1800

Is this a correct interpretation or is there an error in my JWT?

{
  "appKey": "SDK_KEY",
  "iat": 1647378148,
  "exp": 1647464548,
  "tokenExp": 1647379948
}

Which Android Meeting SDK version?
Android Meeting SDK version 5.9.6.4777

Hi @sdev, thanks for using our SDK.

The timespan between iat and exp/tokenExp represents the current time. So while your JWT will still work if the iat value is not the current time exactly, if you wait too long before using the JWT, SDK auth will fail.

Thanks!
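The timing question above can be checked before a token ever reaches the SDK. The following is an added example, not code from the thread or from Zoom: it decodes a token's payload without verifying the signature and reports how iat, exp and tokenExp relate to the 1800-second minimum quoted in the question and to the moment of use. The function names, the constructed header and the 10-minute delay are assumptions; the claim values are the ones posted in the question.

```python
import base64
import json

MIN_LIFETIME = 1800  # seconds; minimum exp/tokenExp offset from iat quoted in the question


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def read_claims(jwt: str) -> dict:
    """Return the payload claims WITHOUT verifying the signature (inspection only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))


def check_timing(claims: dict, now: int) -> dict:
    """Compare iat/exp/tokenExp against the documented minimum and the time of use."""
    iat, exp, token_exp = (int(claims[k]) for k in ("iat", "exp", "tokenExp"))
    return {
        "age_at_use": now - iat,
        "exp_meets_documented_min": exp - iat >= MIN_LIFETIME,
        "tokenExp_meets_documented_min": token_exp - iat >= MIN_LIFETIME,
        "exp_remaining": exp - now,
        "tokenExp_remaining": token_exp - now,
        # Margin the poster observed to be required; not confirmed by Zoom in the thread.
        "tokenExp_below_observed_margin": token_exp - now < MIN_LIFETIME,
        "expired": now >= exp or now >= token_exp,
    }


def _b64url(data: dict) -> str:
    raw = json.dumps(data, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample: the claims from the question, a constructed header, a placeholder signature.
SAMPLE_CLAIMS = {"appKey": "SDK_KEY", "iat": 1647378148, "exp": 1647464548, "tokenExp": 1647379948}
SAMPLE_JWT = ".".join([_b64url({"alg": "HS256", "typ": "JWT"}), _b64url(SAMPLE_CLAIMS), "placeholder-signature"])

if __name__ == "__main__":
    # Assumed scenario: the hardcoded token is first used 10 minutes after it was issued.
    for key, value in check_timing(read_claims(SAMPLE_JWT), now=1647378148 + 600).items():
        print(f"{key}: {value}")
```

For the posted claims, both documented minimums are met relative to iat, but a token first used 10 minutes after issue has only 1200 seconds of tokenExp left, which is the situation the question describes.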

Hi @jon.zoom, thank you for your response. I have a follow-up question,

I know that if I try to initialize the SDK with an expired token, the auth will fail and the SDK will not be initialized, but what is the expected behavior if the token expires while I’m using the SDK?

For example, in my app I successfully initialize the SDK with a valid JWT. Then I wait until both the tokenExp and exp times have passed. Once the token has expired, I can still join a meeting using the joinMeetingWithParams method and I can call other SDK methods. I don’t see any change in my app’s behavior once the token expires as long as the SDK is already initialized. Is this expected?

Hi @sdev,

If your auth session expires and you need to auth again, you will receive the onZoomAuthIdentityExpired callback.

Thanks!

Thank you @jon.zoom. I’m receiving the auth session expired event in the onZoomAuthIdentityExpired callback. However, even after the auth session expires, I can still use the SDK to join a meeting as a non-login user.

I assumed that once the auth session expired, I wouldn’t be able to use the SDK until I provided a new authentication token, but this is not what I’m experiencing in my app. What features of the SDK are no longer available once the auth session expires?

Hi @sdev,

Are you sure that you’re seeing the onZoomAuthIdentityExpired callback and not the similarly named onZoomIdentityExpired one? You should not be able to use the SDK to join a meeting after receiving the first one.

Thanks!

Yes, I’m using onZoomAuthIdentityExpired. I see the debug messages from both ZoomSDKAuthenticationListener and ZoomSDKInitializeListener in the log when the session expires.

private val sdkInitListener = object : ZoomSDKInitializeListener {
    /**
     * If the [errorCode] is [ZoomError.ZOOM_ERROR_SUCCESS], the SDK was initialized and can
     * now be used to join/start a meeting.
     */
    override fun onZoomSDKInitializeResult(errorCode: Int, internalErrorCode: Int) {
        if (errorCode == ZoomError.ZOOM_ERROR_SUCCESS && meetingId != null && meetingPwd != null) {
            joinMeeting(applicationContext, meetingId!!, meetingPwd!!)
        } else {
            Toast.makeText(applicationContext, "error code: $errorCode, internal error code: $internalErrorCode", Toast.LENGTH_SHORT).show()
        }
    }

    override fun onZoomAuthIdentityExpired() {
        Log.d("myzoomsample", "onZoomAuthIdentityExpired triggered")
    }
}

private var authenticationListener = object : ZoomSDKAuthenticationListener {
    override fun onZoomSDKLoginResult(p0: Long) {}

    override fun onZoomSDKLogoutResult(p0: Long) {}

    override fun onZoomIdentityExpired() {}

    override fun onZoomAuthIdentityExpired() {
        Log.d("myzoomsample", "EXPIRED Auth!")
    }
}
