Requirement:
- I need to be able to use my Custom web client to
- Create a meeting in the BigBlueButton server by using the BBB REST API.
- Join a meeting in the BigBlueButton server using the BBB REST API and share the resulting meeting URL to client.
Bad idea. For your API secret to stay a secret, it MUST NOT leave the server. Your web client is public, everything it does is public. Using the API secret directly in a web client makes it public, too. You always need a trusted server-side component to issue /create calls or generate /join links. And since server-side HTTP clients are not bound to CORS restrictions, your CORS problems disappears as soon as you do it the way it was intended.
The issues:
- For the custom web client, I am able to create a meeting by calling the POST create API
- However, while trying to join the meeting (with GET join API) from my custom web client I was facing CORS issue with error 403 (Unauthorized). The Firefox browser network calls and console screenshots for this are attached (api-calls-1.png and console-1.png).
- After this change is done the CORS errors are apparently solved but joining the meeting (with GET join API) returns HTTP 404 (not found) error. The browser network calls and console screenshots (api-calls-2.png and console-2.png) are attached.
Why are you fetching the join link via JavaScript? Your web
client should ask your trusted server-side component to /create a
meeting and return a valid /join link for that meeting (the one
with meetingID and checksum in it, NOT the one with a
sessionToken) and then open a new window, popup, or frame with
that URL in it. That's it.