Description
We have recently updated to the newly suggested event webhook verification strategy and now use the x-zm-signature header and construct a hash using the event body.
We have noticed that event verification is consistently failing for events where the request body contains user names with emojis. Most emojis cause problems, but some emojis (e.g. ) don’t.
Please see an image of our logs here, all events that fail verification have this property in common.
In contrast, see logs for the rest of the events of this meeting, events are successfully validated if emojis are not present in the names (blue bars on the left show success status) here.
Error?
Constructed signature and signature sent in the x-zm-signature header are not equal only for these cases. It works fine for the rest of the events.
How To Reproduce
This is difficult to reproduce because Zoom does not allow adding any of the emojis shown above in the user name or display name any more. My understanding is that users that have emojis in their names are older accounts from a time this was not validated. The few emojis that are currently supported in names (e.g. , , , , ) work fine.
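One way a mismatch limited to certain characters can arise, shown as an added example that is not part of the original post: the receiver hashes a re-serialized copy of the parsed JSON rather than the exact bytes it received. The message layout (`v0:<timestamp>:<body>`, HMAC-SHA256, `v0=` prefix, `x-zm-request-timestamp` header) follows Zoom's documented webhook verification. The secret, timestamp, payload shape, and the way the sender escapes the emoji are constructed assumptions.

```python
import hashlib
import hmac
import json

SECRET = "constructed-secret-token"  # constructed; stands in for the webhook secret token
TIMESTAMP = "1700000000"             # constructed x-zm-request-timestamp value

def zoom_signature(secret: str, timestamp: str, body: bytes) -> str:
    """Return 'v0=' + hex HMAC-SHA256 over b'v0:<timestamp>:<body>'."""
    message = b"v0:" + timestamp.encode("ascii") + b":" + body
    digest = hmac.new(secret.encode("utf-8"), message, hashlib.sha256).hexdigest()
    return "v0=" + digest

def verify_raw(raw_body: bytes, timestamp: str, header_sig: str) -> bool:
    """Verify over the exact bytes received, before any JSON parsing."""
    expected = zoom_signature(SECRET, timestamp, raw_body)
    return hmac.compare_digest(expected, header_sig)

def verify_reserialized(raw_body: bytes, timestamp: str, header_sig: str) -> bool:
    """Fragile variant: parse, then re-serialize and hash the rebuilt text.
    ensure_ascii=False emits literal UTF-8, as JavaScript's JSON.stringify does."""
    rebuilt = json.dumps(json.loads(raw_body), separators=(",", ":"),
                         ensure_ascii=False).encode("utf-8")
    expected = zoom_signature(SECRET, timestamp, rebuilt)
    return hmac.compare_digest(expected, header_sig)

# Constructed request bodies: the same kind of event with three name encodings.
PREFIX = '{"event":"meeting.participant_joined","payload":{"user_name":"'
SAMPLES = {
    "ascii_name": (PREFIX + 'Alice"}}').encode("utf-8"),
    "literal_emoji": (PREFIX + 'Sam \U0001F600"}}').encode("utf-8"),
    # Same emoji, but sent as a JSON \u surrogate-pair escape (assumed sender behaviour).
    "escaped_emoji": (PREFIX + 'Sam \\ud83d\\ude00"}}').encode("utf-8"),
}

def run_samples() -> dict:
    """Map sample name -> (raw-bytes check passed, re-serialized check passed)."""
    results = {}
    for name, raw in SAMPLES.items():
        sig = zoom_signature(SECRET, TIMESTAMP, raw)  # value the sender would put in x-zm-signature
        results[name] = (verify_raw(raw, TIMESTAMP, sig),
                         verify_reserialized(raw, TIMESTAMP, sig))
    return results

if __name__ == "__main__":
    for name, (raw_ok, rebuilt_ok) in run_samples().items():
        print(f"{name:14} raw={raw_ok} reserialized={rebuilt_ok}")
```

Comparing the bytes fed into the HMAC on a failing event against the raw request body shows whether this is the cause in a given deployment.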