Signature invalid

Meeting SDK Web
1

Please kindly assist. Each time we want to join meeting when using the web sdk we always receive Signature Invalid.

kindly guide me on how to resolve the issue.

2

Are you using the component view or client view SDK? Can you provide some more info about how you are generating the signature and what you are passing in the join function call?

3

var signature = ZoomMtg.generateSDKSignature({
meetingNumber: meetingConfig.mn,
sdkKey: CLIENT_ID,
sdkSecret: CLIENT_SECRET,
role: meetingConfig.role,
success: function (res) {

                        meetingConfig.signature = res.result;
                        meetingConfig.sdkKey = CLIENT_ID;
                        var joinUrl = "/zoom/meeting.html?" + testTool.serialize(meetingConfig);
                       
                    window.open(joinUrl, "_blank");

                       
                    },
                });

i am using component view (Web View)

4

In my implementation, I used the following function to generate the working signature:

function generateSignature(apiKey, apiSecret, meetingNumber, role) {
  const iat = Math.round(new Date().getTime() / 1000) - 30;
  const exp = iat + 60 * 60 * 2;
  const oHeader = { alg: "HS256", typ: "JWT" };

  const oPayload = {
    sdkKey: apiKey,
    appKey: apiKey,
    mn: meetingNumber,
    role: role,
    iat: iat,
    exp: exp,
    tokenExp: exp,
  };

  const sHeader = JSON.stringify(oHeader);
  const sPayload = JSON.stringify(oPayload);
  return KJUR.jws.JWS.sign("HS256", sHeader, sPayload, apiSecret);
}

And the ZoomMtg.join call looks like this:

const signature = generateSignature(
        ZOOM_SDK_KEY,
        ZOOM_SDK_SECRET,
        meetingId,
        0
);
ZoomMtg.join({
  sdkKey: ZOOM_SDK_KEY,
  signature,
  meetingNumber: meetingId,
  passWord: meetingPassword ?? null,
  userName: "Test user",
  userEmail: "test@example.com",
  zak: null,
    success: (success) => {
       console.log(success);
    }
});

As long as the ZOOM_SDK_KEY, ZOOM_SDK_SECRET, meetingId and meetingPassword are correct it should connect.

5

Thanks for the code.

Does your code also prevent “The Signature has expired” error and suddenly the meeting ends

6

Haven’t seen that in my case, but note this line in the code:
const iat = Math.round(new Date().getTime() / 1000) - 30;
is based on the current time of the computer or server the code is running on. Is it possible the time is not correct and so when it reaches Zoom servers it shows the signature as expired?

7

AccessDeniedAccess DeniedK7FW65NSZJ4AY7ZKLXH6y9y/gpRtuEZcGX7Eh8tkUx8JKmBJEZMxEqWhTZO2rGL3SWmDRlnW3YLJtcwOoUklnDJNemg=
pre load wasm success: //source.zoom.us/2.14.0/lib/av/1503_audio.encode.wasm

Join meeting error: {method: ‘join’, status: false, result: ‘Invalid signature.’, errorMessage: ‘Signature is invalid.’, errorCode: 3712}

8

please explain in details: const iat = Math.round(new Date().getTime() / 1000) - 30;

9

Hi @c.egeolu , here is more details about math.round potential issue:

11

@c.egeolu The signature attribute is based on JSON Web Tokens. In JWT, the iat attribute indicates when the token was issued (which in my implementation was the current timestamp minus 30 seconds to avoid issues with round, like the one @gianni.zoom posted).

Based on iat, the exp attribute is calculated, which is when the token expires.

You can see more info about these two attributes here JSON Web Token Claims

12

Can you please share a complete working sample code using javascript to generate the signature without using JWT and removing the using Math.round()

13

Hi @c.egeolu ,

You need the JWT to generate the signature, but please see the attached code sample on our postman workspace:

https://www.postman.com/zoom-developer/workspace/zoom-public-workspace/request/22097587-177f9fb7-6824-41fa-8de6-3b1971ca70fc

14

Thanks for your prompt response.

This is the function i used to generate the signature

function generateZoomSignaturecustom(meetingNumber, apiKey, apiSecret, role, timestamp)

{
// Concatenate the required information
var signature = apiKey + meetingNumber + timestamp + role;

        // Generate a hash using the API Secret and concatenate it with the signature
        var hash = CryptoJS.HmacSHA256(signature, apiSecret).toString(CryptoJS.enc.Base64);
        var signature = apiKey + "." + meetingNumber + "." + timestamp + "." + role + "." + hash;

        // Return the generated signature
        return signature;
    }

// i called the above function
var signature2 = generateZoomSignaturecustom(meetingNumber, apikey, SECRETkey, 0, Math.round(new Date().getTime() / 1000));

can this also help?

15

Hi @c.egeolu ,

Did you test the value you received to check if it works?

16

I got Signature invalid for some system while others were able to connect.

I have about 30 people connecting simultaneously. Some could connect while others were having Signature invalid.

Below is the new function to connect

function generateZoomJWT(apiKey, apiSecret, meetingNumber, role) {

return new Promise((resolve, reject) => {

const iat =  (new Date().getTime()-30000)/1000;
const exp = iat + 60 * 60 * 2
const oHeader = { alg: 'HS256', typ: 'JWT' }

const oPayload = {
    sdkKey: apiKey,
    appKey: apiKey,
    mn: meetingNumber,
    role: 0,
    iat: iat,
    exp: exp,
    tokenExp: exp
}

const sHeader = JSON.stringify(oHeader)
const sPayload = JSON.stringify(oPayload)
const sdkJWT = KJUR.jws.JWS.sign('HS256', sHeader, sPayload, apiSecret)
   resolve(sdkJWT)
     });

}

17

Hi @c.egeolu ,

You may be running into a similar issue outlined here:

Please use this script to create your signature:

Thanks!

18

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.