Zoom-sdk-ios does not call onMobileRTCAuthReturn if authentication fails using JWT

When using a JWT for authentication, if the token is incorrect and authentication fails, onMobileRTCAuthReturn is never called.

Which version?

To Reproduce(If applicable)
Steps to reproduce the behavior:
Create an incorrect token (for example wrong tokenExp). Example:
“appKey”: “actual key”,
“iat”: 1601328575,
“exp”: 1601336424,
“tokenExp”: 1800 // this is wrong. it should be time since epoch

Additional context
Authenticate using
let authService = MobileRTC.shared().getAuthService()
authService!.delegate = self
authService!.jwtToken = “the token”

Note that calling sdkAuth when using key and secret, calls onMobileRTCAuthReturn if it fails. But in this case, it is never called in case of error.

Hey @sorousha

Thanks for using the dev forum!

I am sorry onMobileRTCAuthReturn isnt being called upon having an issue with the JWT. I have seen this issue here and there before. Are you using APIKey and APISecret from the Zoom Marketplace, or SDKKey and SDKSecret?


Using SDK key and secret.

Hey @sorousha

The tokenExp should be in the same format as the other dates. For testing JWT’s, I use https://www.epochconverter.com/ to get the current epoch time, then on the same page I get the epoch time 24 hours in the future. I supply that value to both exp and tokenExp. Then I use https://jwt.io/ to debug the token. If you place valid parameters in the payload fields, then place your secret into the signature part of that page, you can copy the value on the left and paste it into your application. If your SDK Key/Secret accurately calls onMobileRTCAuthReturn, but the JWT does not. The JWT is indeed broken.

However, it is strange that knowingly putting in a bad JWT does not trigger onMobileRTCAuthReturn. I will let the team know. Thank you for bringing this to our attention!

Let us know if you have any other issues.

I am experiencing the same issue, where putting in an intentionally bad JWT does not trigger a callback to onMobileRTCAuthReturn or onMobileRTCAuthExpired. Is there any way to be notified when sdkAuth fails in this way? Or is this a known issue with the SDK?

Hey @pedmonston,

Thanks for using the dev forum!

This is a known issue in the SDK that we hope to fix in the future.