Zoom Rooms 'Join' API doesn't work with many meeting passwords

tom.usher · May 14, 2020, 9:25am

Description
We use the Zoom Rooms ‘Join’ API to make rooms join meetings on-demand.

This endpoint has the restriction that “Password may only contain the following characters: [a-z A-Z 0-9 @ – _ *]. Max of 10 characters.”.

However, recent Zoom security changes have increased the security of auto-generated passwords so they include characters outside of this allowed set of characters (?, #, etc.).

This means we can’t use this API endpoint for many Zoom meetings.

Error
On triggering the API with a password containing ‘invalid’ characters:

{'jsonrpc': '2.0', 'error': {'code': 32602, 'message': 'Validation Failed.', 'data': [{'field': 'params.password', 'message': 'Invalid field.'}]}}

Which Endpoint/s?

tommy · May 19, 2020, 6:40pm

Hey @tom.usher,

Thanks for sharing this. Our engineering team is investigating. I will get back to you with updates. (ZOOM-162547)

Thanks,
Tommy

tommy · May 20, 2020, 6:06pm

Hey @tom.usher,

We updated our docs to include the new password requirements:

Make sure the password you are setting aligns with your password strength requirements in your settings.

Thanks,
Tommy

tom.usher · May 21, 2020, 9:12am

Thanks for looking in to this and updating the documentation so promptly.

However, this doesn’t seem to align with what we’re currently seeing:

Meetings that are created with ‘Free’ accounts do not have the option to set minimum password requirements
There are no minimum password requirements set on the account that owns the Zoom Rooms
Meetings that are generated using the ‘New Meeting’ button, or via the Slack integration get generated with passwords that aren’t compatible (e.g w46!(i{74n)

So in summary:

A user with a free account creates a meeting, a password like w46!(i{74n might be generated.
Attempting to make the room join the meeting using this password results in an error
There are no minimum password requirements set on either account

tommy · May 27, 2020, 9:54pm

Hey @tom.usher,

Gotcha, thanks we will look into this further.

-Tommy

tommy · June 4, 2020, 5:42am

Hey @tom.usher,

I need some additional details.

What is the exact error message you are seeing, and what is your account #?

Thanks,
Tommy

tom.usher · June 4, 2020, 9:26am

No problem.

The account which ‘owns’ the Zoom Rooms is 442755. We created an unpublished app in the marketplace called ‘Zoom Room Joiner’ associated with this account, which is being used to join calls.

The host of a call can be any other Zoom account, we have tried with multiple.

The exact error is, when POSTing

{
  "jsonrpc": "2.0",
  "method": "join",
  "params": {
    "meeting_number": "{any given meeting number with spaces/dashes removed}",
    "password": "{password containing invalid characters}",
    "force_accept": false,
  }
}

to https://api.zoom.us/v2/rooms/{roomId}/meetings where roomId is the value of an ID returned from https://api.zoom.us/v2/rooms.

The error is:

{'jsonrpc': '2.0', 'error': {'code': 32602, 'message': 'Validation Failed.', 'data': [{'field': 'params.password', 'message': 'Invalid field.'}]}}

tommy · June 9, 2020, 9:17pm

Thanks for the details @tom.usher,

We should be able to figure this out now.

Thanks for your patience,
Tommy

tommy · June 10, 2020, 4:38pm

Hey @tom.usher,

We are still not able to reproduce this issue. Can you please try creating a meeting with the same password using the Create Meeting API or Zoom Web Portal. Let me know if you see the same error message.

Thanks,
Tommy

tom.usher · June 11, 2020, 9:27am

Here’s a python script which replicates the issue:

import requests

API_URL = "https://api.zoom.us/v2/"
USER_ID = "[redacted]"
PERSONAL_JWT_TOKEN = "[redacted]"
ZOOMROOM_JWT_TOKEN = "[redacted]"

MEETING_PASSWORD = "w46!(i{74n"
ZOOM_ROOM_ID = "[redacted]"

def create_meeting():
    body = {
        "topic": "Test Meeting",
        "type": 1,
        "password": MEETING_PASSWORD,
    }
    res = requests.post(
        f"{API_URL}users/{USER_ID}/meetings",
        json=body,
        headers={"Authorization": f"Bearer {PERSONAL_JWT_TOKEN}"},
    )
    return res.json()


def zoom_room_join_meeting(meeting_id):
    body = {
        "jsonrpc": "2.0",
        "method": "join",
        "params": {"meeting_number": meeting_id, "password": MEETING_PASSWORD},
    }

    res = requests.post(
        f"{API_URL}rooms/{ZOOM_ROOM_ID}/meetings",
        json=body,
        headers={"Authorization": f"Bearer {ZOOMROOM_JWT_TOKEN}"},
    )
    return res


meeting = create_meeting()
res = zoom_room_join_meeting(meeting["id"])
print(res.content)

where:

USER_ID is my user ID as returned from GET /users using a JWT token from my personal account.
PERSONAL_JWT_TOKEN is a JWT token generated from the app marketplace on a test app created on my personal account.
ZOOMROOM_JWT_TOKEN is a JWT token generated from the app marketpalce on the Zoom Room Joiner app owned by the account which also owns the Zoom Rooms.
MEETING_PASSWORD is an example of a password that has been generated automatically by the Zoom client when a user has created a meeting in the past.
ZOOM_ROOM_ID is the ID of the Zoom Room I’m attempting to make join, as returned by GET /rooms using the Zoom Room Joiner JWT token.

When MEETING_PASSWORD is w46!(i{74n, the output of the script is:

b'{"jsonrpc":"2.0","error":{"code":32602,"message":"Validation Failed.","data":[{"field":"params.password","message":"Invalid field."}]}}'

and the room fails to join.

When MEETING_PASSWORD is test123, the output of the script is:

b'{"jsonrpc":"2.0","result":{"room_id":"[redacted]","send_at":"2020-06-11T09:25:03Z"},"id":"a138c758-a43d-487a-bf5f-dfc6df7a0b75"}'

and the room joins successfully.

Hope that’s useful! Let me know if I can provide any more details.

tommy · June 16, 2020, 9:55pm

Hey @tom.usher,

Thanks for the script and additional details, I will provide you with an update once we figure out the issue.

-Tommy

tommy · June 17, 2020, 4:34pm

Hey @tom.usher,

Hi, we have found the root cause, this is a bug, we will fix it in the future.

Can you confirm this error happens when scheduling a Zoom Room meeting?

“{{b’{“jsonrpc”:“2.0”,“error”:{“code”:32602,“message”:“Validation Failed.”,“data”:[
{“field”:“params.password”,“message”:“Invalid field.”}
]}}’}}"

Thanks,
Tommy

tom.usher · June 18, 2020, 10:06am

Thanks Tommy!

Yes I get the same error when scheduling a Zoom Room meeting with the same password.

tommy · June 23, 2020, 5:25pm

Hey @tom.usher,

We will be releasing the fix for this in mid July.

Thanks for your patience,
Tommy

DeveloperBot · August 21, 2020, 10:23pm