Authorize
In the Zoom Cobrowse SDK, both the SDK_TOKEN used by the customer and the ACCESS_TOKEN used by the agent use JSON Web Tokens (JWT) to authorize the initiating and joining of sessions. Use your Cobrowse SDK application credentials to generate the JWT.
Use the [Cobrowse SDK auth endpoint sample](https://github.com/zoom/cobrowsesdk-auth-endpoint-sample) to quickly, easily, and securely generate Cobrowse JWTs.
Generate agent and customer JWTs
Get your Zoom SDK key and secret. Use these credentials to generate your agent and customer JWTs. Generate these JWTs where you can securely store your Zoom SDK credentials, such as through a backend (server-side) function.
- Customer JWT - Uses a role_type of 1 for the SDK_TOKEN.
- Agent JWT - Uses a role_type of 2 for the ACCESS_TOKEN.
JWTs consist of three parts: a header, a payload, and a signature.
Header
The header includes the specification of the signing algorithm and the type of token.
| Key | Value |
|---|---|
| alg | HS256 |
| typ | JWT |
Sample header
```json
{
  "alg": "HS256",
  "typ": "JWT"
}
```
Payload
The JWT payload contains the token's claims, information about the user, and any required metadata. The main difference between the customer JWT payload and the agent JWT payload is the role_type. The customer JWT uses a value of 1 and the agent JWT uses a value of 2.
| Key | Necessity | Value |
|---|---|---|
| app_key | Required | Your Zoom SDK key. |
| role_type | Required | The user role, use 1 for customer or 2 for agent. Numeric type. |
| iat | Required | The token issue timestamp. |
| exp | Required | The JWT expiration timestamp. Values: Min = 1800 seconds greater than the iat value, max = 48 hours greater than the iat value. In epoch format. |
| user_id | Required | The uniquely identifiable user ID. Be sure not to use the same ID for different users within a session. |
| user_name | Required | The user name, maximum length 80. |
| enable_byop | Optional | Whether to enable Bring Your Own PIN (BYOP) mode. Use 1 to enable and 0 or omit key to disable. Not enabled by default. |
Sample customer JWT payload
```json
{
  "app_key": "Btwh77nPkKIwwVKaKd1Jb0XuhntVXAJa1213",
  "role_type": 1,
  "iat": 1723102859,
  "exp": 1723103759,
  "user_id": "user1_customer",
  "user_name": "customer",
  "enable_byop": 1
}
```
Sample agent JWT payload
```json
{
  "app_key": "Btwh77nPkKIwwVKaKd1Jb0XuhntVXAJa1213",
  "role_type": 2,
  "iat": 1723102859,
  "exp": 1723103759,
  "user_id": "user2_agent",
  "user_name": "agent"
}
```
Signature
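To create the signature for the JWT, sign the encoded header and payload with your Zoom SDK secret using the HMAC SHA256 algorithm. HMAC is a keyed message authentication code, not encryption: the header and payload stay readable to anyone who holds the token, and the signature only proves they were produced with the secret.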
| Key | Value |
|---|---|
| ZOOM_COBROWSE_SDK_SECRET | Required, your Zoom SDK secret. |
Sample signature
```
HMACSHA256(
  base64UrlEncode(header) + "." + base64UrlEncode(payload),
  ZOOM_COBROWSE_SDK_SECRET,
);
```
Sample JWT
The encoded customer and agent JWTs will look similar.
<JWT_TOKEN>
Sample code
The Node.js sample code below shows how to generate a Zoom SDK JWT using jsrsasign, an open-source cryptographic JavaScript library. For additional JWT libraries and code samples in more languages, see JWT.io.
```js
const KJUR = require("jsrsasign");
// https://www.npmjs.com/package/jsrsasign

// Issue time, backdated by 30 seconds, and expiry two hours later.
const iat = Math.round(new Date().getTime() / 1000) - 30;
const exp = iat + 60 * 60 * 2;

const oHeader = { alg: "HS256", typ: "JWT" };
const oPayload = {
  user_id: "user2_agent",
  user_name: "user2_agent",
  app_key: process.env.ZOOM_SDK_KEY,
  role_type: 2, // 2 = agent, 1 = customer
  iat: iat,
  exp: exp,
  // "enable_byop": 1 // to enable BYOP in customer JWT
};

const sHeader = JSON.stringify(oHeader);
const sPayload = JSON.stringify(oPayload);

// Sign server-side; the SDK secret is read from the environment.
const COBROWSE_SDK_JWT = KJUR.jws.JWS.sign(
  "HS256",
  sHeader,
  sPayload,
  process.env.ZOOM_SDK_SECRET,
);
console.log(COBROWSE_SDK_JWT);
```
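The payload limits from the table above (role_type of 1 or 2, user_name up to 80 characters, exp between 1800 seconds and 48 hours after iat) can be enforced on the server before a token is signed. The following is an added example, not Zoom's code: it uses only Node's built-in crypto module, and the helper names makeCobrowseJwt and checkCobrowseJwt and the EXAMPLE_ credentials are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

const MIN_TTL = 1800;         // exp must be at least 1800 seconds after iat
const MAX_TTL = 48 * 60 * 60; // and at most 48 hours after iat
const b64url = (s) => Buffer.from(s).toString("base64url");

// HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), secret)
const sign = (input, secret) =>
  crypto.createHmac("sha256", secret).update(input).digest("base64url");

// Hypothetical helper: checks claims against the payload table, then signs.
function makeCobrowseJwt(opts, nowMs = Date.now()) {
  const { sdkKey, sdkSecret, roleType, userId, userName, ttl = MIN_TTL, byop } = opts;
  if (!sdkKey || !sdkSecret) throw new Error("SDK key and secret are required");
  if (roleType !== 1 && roleType !== 2) throw new Error("role_type must be 1 or 2");
  if (!userId) throw new Error("user_id is required");
  if (!userName || userName.length > 80) throw new Error("user_name: 1 to 80 chars");
  if (!Number.isInteger(ttl) || ttl < MIN_TTL || ttl > MAX_TTL)
    throw new Error("exp must be 1800 seconds to 48 hours after iat");
  const iat = Math.floor(nowMs / 1000);
  const payload = { app_key: sdkKey, role_type: roleType, iat, exp: iat + ttl,
                    user_id: userId, user_name: userName };
  if (byop) payload.enable_byop = 1; // omit the key to leave BYOP disabled
  const input = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" })) + "." +
                b64url(JSON.stringify(payload));
  return input + "." + sign(input, sdkSecret);
}

// Local self-check only: recompute the HMAC, compare in constant time, and
// return the payload, or null if the token is malformed, forged or expired.
function checkCobrowseJwt(token, sdkSecret, nowMs = Date.now()) {
  const [h, p, s, extra] = String(token).split(".");
  if (!h || !p || !s || extra !== undefined) return null;
  const want = Buffer.from(sign(h + "." + p, sdkSecret));
  const got = Buffer.from(s);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return null;
  try {
    const header = JSON.parse(Buffer.from(h, "base64url").toString());
    const payload = JSON.parse(Buffer.from(p, "base64url").toString());
    if (header.alg !== "HS256" || payload.exp <= Math.floor(nowMs / 1000)) return null;
    return payload;
  } catch { return null; }
}

// Constructed sample credentials, not real Zoom values.
const demo = { sdkKey: "EXAMPLE_SDK_KEY", sdkSecret: "EXAMPLE_SDK_SECRET",
               roleType: 2, userId: "user2_agent", userName: "agent" };
console.log(makeCobrowseJwt(demo));
```

checkCobrowseJwt is meant for unit-testing your own token endpoint; it does not represent how Zoom validates tokens.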