Description
I’m investigating using the websdk. And I have a minimal development setup working fine. I have a back-end endpoint to provide the signature. I also was able to hide the join link in the front-end thank to the answer web-sdk-hide-meeting-information.
Now my intuitive understanding was that a client can only join a room if it has access to a valid signature. And since my back-end has control over who gets the signature it has also control over who can join what meeting.
But then I noticed that the websdk (specifically ZoomMtg.join) also requires the meeting number and the meeting password (additionally to the signature). And my understanding is that the meeting number and the meeting password are enough to join the meeting (for example through zoom.us/j/<meetingNumber>
).
Is my understanding correct?
What security benefit does the signature provide?
Thanks!