First, in your marketplace.zoom.us app build flow for this app, go to the Features tab, click on ‘Add APIs’ under the Zoom App SDK widget. Make sure the authorize API is checked on AND the onAuthorized event is checked on.
Second, add these items to your capabilities list: ‘authorize’ and ‘onAuthorized’
I wouldn’t have guessed OAuth-related methods would be disabled by default, I enabled those now.
The zoomSdk.promptAuthorize now returns { message: 'Success' } although nothing else happens.
Calling zoomSdk.onAuthorized beforehand changes nothing and the callback is not fired.
Also, I would like to have a try at zoomSdk.promptAuthorize, as I would prefer to avoid the PKCE thing, but that one returns the same initial error (API hasn't passed marketplace verification) despite I added the capability.
promtAuthorize and authorize are not substitutes for each other; they do different things.
promptAuthorize → use this when:
The user status (per the getUserContext status field) is ‘unauthenticated’, which means the user is not logged in to Zoom. This will prompt the user to log in to Zoom, and the sign in will be indicated with a onMyUserContextChange event.
The user status is ‘authenticated’, which means the user is logged in to Zoom, but has not ‘added’ the app. In this scenario, the method will take a user to the consent screen so they can add the app. After consenting, they will be returned to the App. Now, their user status will be ‘authorized’.
authorize → use this when:
User status is ‘authorized’. This will kick off an OAuth 2.0 - based exchange. The first step is to listen for and receive an onAuthorized event. This event will include a code field; you can use this code then server-side to exchange for an access token for the Zoom Rest API.
I’m developing an in-meeting app, so I’m using zoomSdk.authorize to get a code.
Regarding getting a token :
In the code you linked, payload is sent as application/json and client credentials are included in the payload (which returns unsupported_grant_type when testing).
While in the documentation, payload is sent as application/x-www-form-urlencoded and client credentials are sent as BasicAuth (which returns invalid_grant when testing).
Hi @tianalemesle - I just tested our Reference app with authorization and it worked fine. Have you tried installing it and seeing how it works? Follow what’s currently in the Reference app, we are in the process of updating our docs so it may not be up to date.
We tested our reference app using client version 5.12.0 (9832) and the latest CDN sdk version and found no errors with the Oauth. We strongly recommend using the reference app as a reference. Can you attempt to run the reference app to see if your errors are reproducible?
Refer to this authorization page instead for Oauth within zoom apps: Authentication