'Signature is invalid.', with meeting number created by other accounts

Meeting SDK Type and Version
@zoomus/websdk: 2.7.0
App status:

• Intend to publish: Yes

• Still Draft not published yet.

Description
I’m building websdk app with “@zoomus/websdk: 2.7.0” which is not published yet, and successfully integrated meetings created by my dev account (= which I registered SDK app with).

When I tried to join meetings created by other accounts, it fails with the error below.

reason: ‘Signature is invalid.’, errorCode: 3712

I believe MyApp can be used not only myself but others when it is published.
Let me confirm

• My app can be used by other zoom users once sdk app published ?
• If so, can we test sdk with meeting created by others before published ?
• What if “Intend to publish: No” ? Does it mean ONLY the developer account use the App?

Error?
{type: ‘JOIN_MEETING_FAILED’, reason: ‘Signature is invalid.’, errorCode: 3712}

How To Reproduce
*1. Build SDK APP (Intend to publish: Yes) / Keep it’s not published yet.
*2. Generate signature and join meeting with a meeting number created by not the developer account.
*3. You will get error described.

with the old JWT Signature and role = 0 it is possible (last used in April 2022)

Hi @c-cloud ,

How did you generate your signature?

Web Meeting SDK version 2.7.0 and higher requires using SDK App type credentials. Versions 2.6.0 and lower will continue to support using JWT App type credentials until June 2023 . See the migration guide for switching to the SDK App type.

Did you use the SDK App type credentials?

Best,
Gianni

Hi Gianni, thank you for your reply.

Yes, I use SDK APP type credentials and I know from 2.7.0 the way to generate signature is different from the older one.

And signature is working definitely when I start meeting with MY meeting number , so problem doesn’t seem to be credential or way to generate signature,

It seems that we can’t test SDK App with meeting number which is created by OTHERS, is it right ?

Hi @c-cloud ,

In order to start a meeting created by another user, you need their ZAK token.

Yes this is correct.

Yes this is correct.

Hope this helps!

Hi Gianni,
Thank you for your help! Now, my questions are almost clear.
Let me clarify one last thing.

ZAK token is only used for START their meeting, so
in my understanding, people can JOIN a meeting without ZAK token after SDK app is published, is it right ?

just tested with 2.7.0

main account (pro) with Meeting SDK App
second account (free)

meeting settings on the second account

• Registration not required
• no waiting room
• Options: Allow participants to join anytime

no ZAK token

enter/start the meeting of the second account with the signature generated from app of the first account

• role = 0 (attendee) → no problem
• role = 1 (host) → Joining meeting timeout. Signature is invalid.

it is not possible to enter a meeting of another account as host
(if that were possible it would be an extreme security problem)

Hi Jürgen,

Thank your letting me know your test result.
Just realized wrongly input role with meeting created by other accounts, and I can test it even if it is not published yet.

Conclusion:

• To START your own meeting, you don’t need to include ZAK token. Your sdk key handles it.
• To START meeting other account created, you need to include ZAK token.
• To JOIN any meeting, you don’t need to include ZAK token. You can test it even if your app is not published yet.

Thank you for everyone!

Thank you both @j.schoenemeyer @c-cloud for your contributions to our developer community

Hi developers,
I’m having issue with zoom SDK.
We are were able to generate client ID and client secret from zoom market place. However when we want to start or join a meeting we get error “Meeting timed out. Signature is invalid” we have to click retry for a couple of times before it finally works.
I will appreciate your contributions please.
Best Regards,
Dele

try to modify the iat in the signature (default = 30 sec, change it some minutes)