WEB SDK CDN 1.7.10 - Signature is invalid

j.kassner · July 22, 2020, 3:03pm

Description
I am trying to join an pro account opened meeting w trough the web sdk, and im always getting the error code “Signature is invalid”.
The signature is generated on node.

I really need your help because i don#t know whats wrong

Thanks for your help!

Signature Code:

const router = require(‘express’).Router();
const crypto = require(‘crypto’);
router.post(‘/signature’, async function (req, res, /* next */)
{
if (typeof req.body.meetingNumber === ‘undefined’ || typeof req.body.role === ‘undefined’)
{
res.sendStatus(401);
return;
}
const apiKey = ‘{XXX}’;
const secretKey = ‘{XXX}’;
const timestamp = new Date().getTime() - 30000;
const message = Buffer.from(apiKey + req.body.meetingNumber + timestamp + req.body.role).toString(‘base64’);
const hash = crypto.createHmac(‘sha256’, secretKey).update(message).digest(‘base64’);
const signature = Buffer.from(${apiKey}.${req.body.meetingNumber}.${timestamp}.${req.body.role}.${hash}).toString(‘base64’);
const responseData =
{
signature: signature
};
res.json(responseData);
});

Client Code:

zoomConfig = {
apiKey: API_KEY,
meetingNumber: ***********,
userName: displayname,
passWord: “378704”,
leaveUrl: “”,
role: 0
};

zoomConfigSignature =
{
“meetingNumber”: ***********,
“role”: 0
}

function initZoom(){
fetch(https://gda-jurysitzung.eventvote.de:8080/crypt/signature, {
method: ‘POST’,
headers:
{
‘Content-Type’: ‘application/json’
},
body: JSON.stringify(zoomConfigSignature)
})
.then(result => result.text())
.then(response => {
zoomSignature = JSON.parse(response);
ZoomMtg.init({
leaveUrl: ‘http://www.zoom.us’,
isSupportAV: true,
success: function () {
ZoomMtg.join(
{
signature: zoomSignature.signature,
meetingNumber: zoomConfig.meetingNumber,
userName: zoomConfig.userName,
apiKey: zoomConfig.apiKey,
userEmail: “test@web.de”,
passWord: zoomConfig.passWord,
success: function(success){
console.log(‘join meeting success’);
},
error: function(error) {
console.log(error);
}
}
);
},
error: function(res) {
console.log(res);
}
});
})
}

Error

Object

errorCode: 3712

errorMessage: “Signature is invalid.”

method: “join”

result: “Invalid signature.”

status: false

proto: Object

It always shows me the same error.

Which version?
WEB SDK CDN 1.7.10

Smartphone (please complete the following information):

Browser:[e.g. Chrome]

*This post has been edited to remove any meeting / webinar IDs

j.kassner · July 23, 2020, 6:53am

We are getting a correct signature i think : signature: “”

And the right credentails are included into the signature generator

tommy · July 24, 2020, 6:58pm

Hey @j.kassner,

Please see the solution to your question here:

Thanks,
Tommy

preciousfocus · October 9, 2020, 4:20pm

I keep getting “Signature is Invalid”.

The signature generated:

I am sure using JWT Credentials and NOT OAUTH.

This is frustrating.

Help please!

preciousfocus · October 9, 2020, 5:00pm

Now it works if the Web SDK Application is accessed via 127.0.0.1/path/to/project.
It keeps throwing “Signature is Invalid” when accessed via the ngrok.io exposed url.

will.zoom · October 12, 2020, 3:16pm

Hey @preciousfocus,

How are you generating your signature? A few things to double check:

Ensure that the JWT credentials you’re using belong to your account
Ensure you’re generating the timestamp correctly
Verify that the meeting ID you’re passing is for a valid, already scheduled meeting

You may also find it helpful to use our signature generator tool hosted on heroku to make sure this is all being handled correctly:

Let me know if this helps!

Thanks,
Will

preciousfocus · October 12, 2020, 3:23pm

Hey @will.zoom,
As provided by Zoom, here’s how I generate signature:

function generate_signature ( $api_key, $api_secret, $meeting_number, $role){

	$time = time() * 1000 - 30000;//time in milliseconds (or close enough)
	
	$data = base64_encode($api_key . $meeting_number . $time . $role);
	
	$hash = hash_hmac('sha256', $data, $api_secret, true);
	
	$_sig = $api_key . "." . $meeting_number . "." . $time . "." . $role . "." . base64_encode($hash);
	
	//return signature, url safe base64 encoded
	return rtrim(strtr(base64_encode($_sig), '+/', '-_'), '=');
}

Yes, the JWT credentials belong to same account as the meeting.

The meeting ID is correct and works fine on Zoom.

will.zoom · October 13, 2020, 6:45pm

Hey @preciousfocus,

Thanks for sharing that. Are you on a Pro or higher Zoom plan? If you’re on a Basic plan, this could be causing the issue.

Thanks,
Will

preciousfocus · October 15, 2020, 11:55am

*** Ensure that the JWT credentials you’re using belong to your account**
@will.zoom
Does this mean that on the JWT App, other users cannot join meetings they have created externally even when they have provided the right meeting credentials?

will.zoom · October 16, 2020, 8:31pm

Hey @preciousfocus,

No, sorry for any confusion—other users can join a meeting via the Web SDK. However, in order to start the meeting as host via the Web SDK, you must ensure that you the credentials you’re using are associated with your own account.

I hope this helps to clarify!
-Will

Topic		Replies	Views
Getting error Signature is Invalid - Web SDK Integration Web	4	259	December 9, 2023
Signature invalid Web	16	888	August 25, 2023
Invalid signature using Web SDK Web	7	4233	May 8, 2021
Signature is invalid for Web SDK and JWT app Web	3	1147	December 6, 2021
Web Embedded Meeting SDK errorCode: 3712 reason: "Signature is invalid." Web web-meeting-sdk	6	2184	May 27, 2022

WEB SDK CDN 1.7.10 - Signature is invalid

Related Topics