[Web SDK] Random "Joining meeting timeout. Signature is invalid" error

Description
We are trying to integrate Zoom into our application using Web SDK and only one issue has not resolved yet. We faced with “Joining meeting timeout. Signature is invalid” randomly on both of our environments (development and staging). After clicking several times on “retry” button user is able to join to the meeting successfully. It occurs for every meeting for any user. We were able to find several opened issues in your devforum but they were not very helpful (Clock sync was suggested as a solution. But clock is synchronized in our environments for sure because we had sync clock issue with other integration). Could you help as to figure out what is the reason of this randomly occurred error? We are using ruby language to generate signature using the code snippet provided in your documentation and JWT zoom application for integration

Thank you.

Error
Joining meeting timeout. Signature is invalid

Which version?
We are using CDN solution. The version is 1.7.9.

To Reproduce(If applicable)
Steps to reproduce the behavior:

1. Initiate joining to the meeting using JS (ZoomMtg.join method)
2. User sees an error message ‘Joining meeting timeout. Signature is invalid’
3. Click retry several times
4. User is successfully joined to the meeting.

Laptop (please complete the following information):

• Does not matter. It is reproducible in different devices and different OS

Additional context
Tried to use other possible variations of signature generation. Tried to use UTC timezone explicitly. Both of this actions did not resolve the problem.

Hey @onboardu,

Can you please share your Web SDK signature that is throwing this error to developersupport@zoom.us so I can debug it?

Thanks,
Tommy

Hi Tommy,

Here is invalid signature received after first attempt to join the meeting (after two retries I was able to join the meeting using another signature):

Hey @onboardu,

Are you still having issues then?

Thanks,
Tommy

Hi @tommy ,

Yes we are. Every time when we try to join to the meeting, we have to make 3 or more retries until successful join.

Hi @onboardu and @tommy,

I actually noticed that the sample Ruby code nearly always generates this error for me. I adapted the following code from another forum post a while back (can’t find the link right now), and it’s been working consistently:

require "base64"

module SignatureRoles
  PARTICIPANT = 0
  HOST = 1
end

def generate_signature(meeting_id:)
  # Prevent time sync issue between client signature generation and Zoom
  timestamp = (Time.now.to_f * 1000).round(0) - 30000

  role = <logic for host or participant> ? SignatureRoles::HOST : SignatureRoles::PARTICIPANT
  key = Rails.application.config.zoom.api_key
  secret = Rails.application.config.zoom.api_secret

  message = Base64.strict_encode64([key, meeting_id, timestamp, role].join)
  hash = Base64.strict_encode64(OpenSSL::HMAC.digest("SHA256", secret, message))

  Base64.strict_encode64([key, meeting_id, timestamp, role, hash].join("."))
end

Hope this helps!

Hey @onboardu,

Just FYI, you are passing role 1 into the Web SDK signature which means you are trying to start the meeting. If you are trying to join the meeting, try passing in role 0 and let me know if that fixes the issue.

Thanks,
Tommy

Hey @abiyani,

Thanks for sharing this. We will reanalyze the Ruby sample code.

-Tommy

@abiyani Thanks so much! It works!

Happy to hear that is working!

-Tommy

The problem is that ruby doesn’t use the same aphabet:

https://ruby-doc.org/stdlib-2.5.3/libdoc/base64/rdoc/Base64.html#method-i-urlsafe_encode64

the gsub is performed on the final tempStr instead of the hash only

Here is the modified version that works:

time = (Time.now.to_i * 1000 - 30000).to_s
data = Base64.urlsafe_encode64(options[:api_key] + options[:meeting_number] + time + options[:role].to_s)
hash = Base64.urlsafe_encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), options[:api_secret], data))
tempStr = options[:api_key] + '.' + options[:meeting_number] + '.' + time + '.' + options[:role].to_s + '.' + hash
replacedTmpStr = tempStr.gsub('-', '+').gsub('_', '/')
return Base64.urlsafe_encode64(replacedTmpStr).gsub(/#{Regexp.escape('=')}+$/, '')

Hey @cnadeau,

Thanks for posting this and contributing to the Zoom Developer Community!

-Tommy

I am facing this same issue. “Meeting Timeout” randomly occurs. I have used Signature Generation Code in Java.

Hey @umesh,

Which version of the Web SDK are you using? Can you please provide more details so we can help?

Thanks,
Tommy

We recently updated to v1.8.1.

Hey @umesh,

Can you share your Java signature generation code so I can test on my end? Make sure it matches with our sample code:

Thanks,
Tommy

Here. It is matches with sample.

 public String generateSignature(String meetingNumber, Integer role, String apiKey, String 
          apiSecret) {  
try {    
        Mac hasher = Mac.getInstance("HmacSHA256");
        String ts = Long.toString(System.currentTimeMillis() - 30000);
        String msg = String.format("%s%s%s%d", apiKey, meetingNumber, ts, role);
        hasher.init(new SecretKeySpec(apiSecret.getBytes(), "HmacSHA256"));

        String message = Base64.getEncoder().encodeToString(msg.getBytes());
        byte[] hash = hasher.doFinal(message.getBytes());

        String hashBase64Str = DatatypeConverter.printBase64Binary(hash);
        String tmpString =
                String.format("%s.%s.%s.%d.%s", apiKey, meetingNumber, ts, role, hashBase64Str);
        String encodedString = Base64.getEncoder().encodeToString(tmpString.getBytes());

        return encodedString.replaceAll("\\=+$", "");

    } catch (NoSuchAlgorithmException | InvalidKeyException e) {
        logger.error("Failed to generate signature", e);
    }
    
    return "";
}

Hello I am new in the community and I am presenting the same error in the example application with the sdk here I leave my signature if someone can help me please I am using php to generate the signature I detail code

$api_key=’’;
$api_secret=’’;
$meeting_n=;
$role=0;

echo $signa=generate_signature ( $api_key, $api_secret, $meeting_n, $role);

function generate_signature ( $api_key, $api_secret, $meeting_number, $role){

$time = time() * 1000 - 30000;//time in milliseconds (or close enough)

$data = base64_encode($api_key . $meeting_number . $time . $role);

$hash = hash_hmac('sha256', $data, $api_secret, true);

$_sig = $api_key . "." . $meeting_number . "." . $time . "." . $role . "." . base64_encode($hash);

//return signature, url safe base64 encoded
return rtrim(strtr(base64_encode($_sig), '+/', '-_'), '=');

}

Hey @bryancarvallo19,

You are using an SDK App Key and Secret to generate the Web SDK signature. You need to use a JWT App instead.

Thanks,
Tommy

Hey @umesh,

Okay, that is the correct signature. What region are you located in? Are you seeing any errors in the browser console? Are you using the CDN or Local version?

Can you try using this sample app to see if it fixes the issue:

Thanks,
Tommy