WebSdk 2.9.5 intermittent "invalid signature" when joining Meeting

Hi,
When Joining a meeting with SDK 2.9.5, sometimes I get “invalid signature” error. (It shows the zoom pop-up with the message).

The signature is not undefined and it is fetched from our GraphQL Api, and sometimes when you hit “retry” button it joins the meeting, sometimes not.

Back-end is not accusing any error and the signature is retrieve before we join the meeting. Most of the time it works on first Join.

Browser Console Error
{type: ‘JOIN_MEETING_FAILED’, reason: ‘Signature is invalid.’, errorCode: 3712}

Which Web Meeting SDK version?
2.9.5

Meeting SDK Code Snippets
The code snippets that are causing the error / issue so we can reproduce.

To Reproduce(If applicable)
Steps to reproduce the behavior:

  1. Go to ‘…’
  2. Click on ‘…’
  3. Scroll down to ‘…’
  4. See error

Screenshots
If applicable, add screenshots to help explain your problem.

Troubleshooting Routes
The troubleshooting attempt types you’ve already exhausted, including testing with the appropriate sample app (found on Zoom · GitHub).

Device (please complete the following information):

  • Device: [e.g. Macbook Pro]
  • OS: [e.g. macOS 11]
  • Browser: Chrome
  • Browser Version : Most up-to-date

Additional context
Add any other context about the problem here.

@eliseu.baldo ,

could you share how you might be generating the signature?

Here’s how we do :

@SneakyThrows
public String generateSdkSignature(String meetingNumber, Optional optionalRole) {
try {
log.debug(
String.format(
“generateSignature:: meetingNumber: %s, role: %s”, meetingNumber, optionalRole));
Integer role = optionalRole.isPresent() ? optionalRole.get() : PARTICIPANT_ROLE;
Mac hasher = Mac.getInstance(HMAC_SHA_256);
long iat = Math.round((new Date().getTime() - 30000) / 1000);
long exp = iat + 60 * 60 * 2;
String header = “{"alg":"HS256","typ":"JWT"}”;
String header64 = Base64.getUrlEncoder().encodeToString(header.getBytes());
String payload =
String.format(
“{”
+ “"sdkKey":"%s",”
+ “"mn":"%s",”
+ “"role":%d,”
+ “"iat":%d,”
+ “"exp":%d,”
+ “"appKey":"%s",”
+ “"tokenExp":%d”
+ “}”,
zoomProperties.getSdkKey(),
meetingNumber,
role,
iat,
exp,
zoomProperties.getSdkKey(),
exp);
String payload64 =
Base64.getUrlEncoder().encodeToString(payload.getBytes()).replaceAll(“\=+$”, “”);
hasher.init(new SecretKeySpec(zoomProperties.getSdkSecret().getBytes(), HMAC_SHA_256));
byte hash = hasher.doFinal((header64 + “.” + payload64).getBytes());
String hashBase64Str = DatatypeConverter.printBase64Binary(hash).replaceAll(“\=+$”, “”);
String tmpString = String.format(“%s.%s.%s”, header64, payload64, hashBase64Str);
return tmpString;
} catch (NoSuchAlgorithmException | InvalidKeyException e) {
log.error(“Error in generate signature”, e);
throw e;
}
}

Please, see below the Back-end code get the signature

Hey @eliseu.baldo ,

I have a few questions that will help us investigate this.

  1. When did you create your Meeting SDK app type?

  2. Was this working for you and then recently stop working?

  3. Are you running your generation code on the server side in the UTC timezone?

Best,
Tommy

Hey @tommy ,

When did you create your Meeting SDK app type?

  • Right before joining the meeting, we generate token

Was this working for you and then recently stop working?

  • Before this we using API key to generate signature. Even this signature it is failing intermittently. 1 out of 5 times, it generates error

Are you running your generation code on the server side in the UTC timezone?

  • Yes, server side is IN UTC timezone.

Hey @eliseu.baldo ,

Thanks for your answers. Can you let me know when you created your Meeting SDK app type in the marketplace build flow?

Best,
Tommy

Hey @tommy
It was created november 1st 2022

Thanks @eliseu.baldo ,

And can you confirm you are using the SDK Key and SDK Secret to generate the Meeting SDK JWT, or the OAuth Client ID and Client Secret?

You will need to use SDK Key and SDK Secret.

Thanks,
Tommy

Yes, we are using SDK Key and SDK Secret to generate the meeting JWT.

OAuth is used to communicate with zoom server on the BE.

1 Like

Okay thanks, everything looks correct on your end.

We are taking a look around any timestamp logic improvements.

In the meantime, we did see this suggestion: Invalid signature after migrating to SDK JWT (v2.9.7)

Best,
Tommy

Hi @tommy ,

that solution did work for now. Thanks for sharing!

1 Like

Happy to hear that @eliseu.baldo !

-Tommy