Haven’t seen that in my case, but note this line in the code:
const iat = Math.round(new Date().getTime() / 1000) - 30;
is based on the current time of the computer or server the code is running on. Is it possible the time is not correct and so when it reaches Zoom servers it shows the signature as expired?