Zoom-sdk-ios does not call onMobileRTCAuthReturn if authentication fails using JWT

sorousha · September 28, 2020, 9:49pm

Description
When using a JWT for authentication, if the token is incorrect and authentication fails, onMobileRTCAuthReturn is never called.

Which version?
v5.0.24433.0616

To Reproduce(If applicable)
Steps to reproduce the behavior:
Create an incorrect token (for example wrong tokenExp). Example:
{
“appKey”: “actual key”,
“iat”: 1601328575,
“exp”: 1601336424,
“tokenExp”: 1800 // this is wrong. it should be time since epoch
}

Additional context
Authenticate using
let authService = MobileRTC.shared().getAuthService()
authService!.delegate = self
authService!.jwtToken = “the token”
authService!.sdkAuth()

Note that calling sdkAuth when using key and secret, calls onMobileRTCAuthReturn if it fails. But in this case, it is never called in case of error.

Michael_Condon · October 7, 2020, 6:09pm

Hey @sorousha

Thanks for using the dev forum!

I am sorry onMobileRTCAuthReturn isnt being called upon having an issue with the JWT. I have seen this issue here and there before. Are you using APIKey and APISecret from the Zoom Marketplace, or SDKKey and SDKSecret?

Michael

sorousha · October 7, 2020, 8:35pm

Using SDK key and secret.

Michael_Condon · October 12, 2020, 5:08am

Hey @sorousha

The tokenExp should be in the same format as the other dates. For testing JWT’s, I use https://www.epochconverter.com/ to get the current epoch time, then on the same page I get the epoch time 24 hours in the future. I supply that value to both exp and tokenExp. Then I use https://jwt.io/ to debug the token. If you place valid parameters in the payload fields, then place your secret into the signature part of that page, you can copy the value on the left and paste it into your application. If your SDK Key/Secret accurately calls onMobileRTCAuthReturn, but the JWT does not. The JWT is indeed broken.

However, it is strange that knowingly putting in a bad JWT does not trigger onMobileRTCAuthReturn. I will let the team know. Thank you for bringing this to our attention!

Let us know if you have any other issues.
Michael

pedmonston · March 9, 2021, 9:10pm

I am experiencing the same issue, where putting in an intentionally bad JWT does not trigger a callback to onMobileRTCAuthReturn or onMobileRTCAuthExpired. Is there any way to be notified when sdkAuth fails in this way? Or is this a known issue with the SDK?

Michael_Condon · March 9, 2021, 11:15pm

Hey @pedmonston,

Thanks for using the dev forum!

This is a known issue in the SDK that we hope to fix in the future.

Michael