# Authorize

In the Zoom Cobrowse SDK, both the `SDK_TOKEN` used by the customer and the `ACCESS_TOKEN` used by the agent are JSON Web Tokens (JWTs) that authorize initiating and joining sessions. Use your Cobrowse SDK application credentials to generate the JWT.

Use the [Cobrowse SDK auth endpoint sample](https://github.com/zoom/cobrowsesdk-auth-endpoint-sample) to quickly, easily, and securely generate Cobrowse JWTs.

## Generate agent and customer JWTs

[Get your Zoom SDK key and secret](/docs/cobrowse-sdk/get-started/#get-sdk-credentials). Use these credentials to generate your agent and customer JWTs. Generate these JWTs where you can securely store your Zoom SDK credentials, such as through a backend (server-side) function.

- **Customer JWT** - Uses a `role_type` of `1` for the `SDK_TOKEN`.
- **Agent JWT** - Uses a `role_type` of `2` for the `ACCESS_TOKEN`.

JWTs consist of three parts: a header, a payload, and a signature.

## Header

The header specifies the signing algorithm and the type of token.

| Key | Value   |
| --- | ------- |
| alg | `HS256` |
| typ | `JWT`   |

**Sample header**

```json
{
  "alg": "HS256",
  "typ": "JWT"
}
```

## Payload

The JWT payload contains the token's claims, information about the user, and any required metadata.

The main difference between the customer JWT payload and the agent JWT payload is the `role_type`. The customer JWT uses a value of `1` and the agent JWT uses a value of `2`.

| Key           | Necessity | Value |
| ------------- | --------- | ----- |
| `app_key`     | Required  | Your Zoom SDK key. |
| `role_type`   | Required  | The user role. Use `1` for customer or `2` for agent. Numeric type. |
| `iat`         | Required  | The token issue timestamp. |
| `exp`         | Required  | The JWT expiration timestamp, in epoch format. Minimum: 1800 seconds greater than the `iat` value. Maximum: 48 hours greater than the `iat` value. |
| `user_id`     | Required  | The uniquely identifiable user ID. Be sure not to use the same ID for different users within a session. |
| `user_name`   | Required  | The user name, maximum length 80. |
| `enable_byop` | Optional  | Whether to enable Bring Your Own PIN (BYOP) mode. Use `1` to enable and `0` or omit the key to disable. _Not enabled by default_. |

**Sample customer JWT payload**

```json
{
  "app_key": "Btwh77nPkKIwwVKaKd1Jb0XuhntVXAJa1213",
  "role_type": 1,
  "iat": 1723102859,
  "exp": 1723103759,
  "user_id": "user1_customer",
  "user_name": "customer",
  "enable_byop": 1
}
```

**Sample agent JWT payload**

```json
{
  "app_key": "Btwh77nPkKIwwVKaKd1Jb0XuhntVXAJa1213",
  "role_type": 2,
  "iat": 1723102859,
  "exp": 1723103759,
  "user_id": "user2_agent",
  "user_name": "agent"
}
```

## Signature

To create the signature for the JWT, sign the base64url-encoded header and payload with your Zoom SDK secret using the HMAC SHA256 algorithm. The signature protects the token's integrity only: the header and payload are encoded, not encrypted, and anyone holding the token can read them.

| Key                        | Value                           |
| -------------------------- | ------------------------------- |
| `ZOOM_COBROWSE_SDK_SECRET` | Required. Your Zoom SDK secret. |

### Sample signature

```javascript
HMACSHA256(
  base64UrlEncode(header) + "." + base64UrlEncode(payload),
  ZOOM_COBROWSE_SDK_SECRET,
);
```

### Sample JWT

The encoded customer and agent JWTs will look similar.

```plaintext
```

## Sample code

The Node.js sample code below shows how to generate a Zoom SDK JWT using [`jsrsasign`](https://www.npmjs.com/package/jsrsasign), an open-source cryptographic JavaScript library. For additional JWT libraries and code samples in more languages, see [JWT.io](https://jwt.io/libraries).

```javascript
const KJUR = require("jsrsasign");
// https://www.npmjs.com/package/jsrsasign

// Issued-at time in epoch seconds, backdated by 30 seconds.
const iat = Math.round(new Date().getTime() / 1000) - 30;
// Expire two hours after iat (within the 1800 second to 48 hour window).
const exp = iat + 60 * 60 * 2;

const oHeader = { alg: "HS256", typ: "JWT" };

const oPayload = {
  user_id: "user2_agent",
  user_name: "user2_agent",
  app_key: process.env.ZOOM_SDK_KEY,
  role_type: 2, // 2 = agent (ACCESS_TOKEN), 1 = customer (SDK_TOKEN)
  iat: iat,
  exp: exp,
  // "enable_byop": 1 // to enable BYOP in customer JWT
};

const sHeader = JSON.stringify(oHeader);
const sPayload = JSON.stringify(oPayload);

// Sign server-side only; the SDK secret must never reach the browser.
const COBROWSE_SDK_JWT = KJUR.jws.JWS.sign(
  "HS256",
  sHeader,
  sPayload,
  process.env.ZOOM_SDK_SECRET,
);

console.log(COBROWSE_SDK_JWT);
```
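
As an added example (not Zoom's code and not part of the original sample), the following builds the same HS256 token with Node's built-in `crypto` module, rejects claims that break the limits in the payload table before signing, and checks a token's signature locally. The function names and the `EXAMPLE_SDK_KEY` / `EXAMPLE_SDK_SECRET` values are constructed for illustration.

```javascript
const crypto = require("crypto");

// base64url without padding, as used for each JWT segment.
const b64url = (value) => Buffer.from(value).toString("base64url");

// Returns the names of claims that break the limits in the payload table.
function validateClaims(c) {
  const errors = [];
  const nonEmpty = (v) => typeof v === "string" && v.length > 0;
  if (!nonEmpty(c.app_key)) errors.push("app_key");
  if (c.role_type !== 1 && c.role_type !== 2) errors.push("role_type");
  if (!Number.isInteger(c.iat) || !Number.isInteger(c.exp)) errors.push("iat/exp");
  else if (c.exp - c.iat < 1800 || c.exp - c.iat > 48 * 3600) errors.push("exp");
  if (!nonEmpty(c.user_id)) errors.push("user_id");
  if (!nonEmpty(c.user_name) || c.user_name.length > 80) errors.push("user_name");
  if ("enable_byop" in c && c.enable_byop !== 0 && c.enable_byop !== 1) errors.push("enable_byop");
  return errors;
}

// HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), secret)
function signCobrowseJwt(claims, secret) {
  const errors = validateClaims(claims);
  if (errors.length) throw new Error("invalid claims: " + errors.join(", "));
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const signingInput = header + "." + b64url(JSON.stringify(claims));
  const sig = crypto.createHmac("sha256", secret).update(signingInput).digest("base64url");
  return signingInput + "." + sig;
}

// Local self-check: recompute the HMAC, compare in constant time, pin alg to HS256.
function verifyCobrowseJwt(token, secret) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const expected = crypto.createHmac("sha256", secret).update(parts[0] + "." + parts[1]).digest();
  const given = Buffer.from(parts[2], "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const header = JSON.parse(Buffer.from(parts[0], "base64url").toString("utf8"));
  if (header.alg !== "HS256") return null;
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Constructed sample values, not real credentials.
const demoClaims = {
  app_key: "EXAMPLE_SDK_KEY", role_type: 1, iat: 1723102859, exp: 1723102859 + 1800,
  user_id: "user1_customer", user_name: "customer", enable_byop: 1,
};
const demoToken = signCobrowseJwt(demoClaims, "EXAMPLE_SDK_SECRET");
console.log(demoToken);
```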