As meeting:write is not available for chatbots, does it mean that chatbot can not create a meeting on behalf of a non-admin user using OAuth 2.0 flow?

Description

We have a chatbot that matches end users with experts. Once the match is made, we would like the bot to create a meeting on behalf of the expert. For this we would ordinarily use the OAuth 2.0 flow, get the expert consent, get the auth code, and then the access token etc.

It seems when creating a chatbot, `meeting:write:admin` is the only scope available and not `meeting:write`.

Since the former meeting:write:admin is available only to Admin accounts, does this mean that the chatbot can not be used to participate in OAuth flow for regular users such that the access token fetched will have the ability to create meeting?

Just this step alone fails for regular users when using the clientid of the chatbot app with meeting:write:admin scope: Direct the user to https://zoom.us/oauth/authorize

Does that consequently mean that for the use case above we are forced to use both a chatbot app and a separate OAuth App (with meeting:write scope)?

We had previously asked this in "Least Privilege Setup for Chatbot that creates meetings on behalf of users?" (#2 by will.zoom), the answer to which seemed to suggest that a limited scope could be available for this purpose of creating meetings on behalf of regular (non-admin) users. But we have not been able to find that limited scope for meeting creation when using just the chatbot app.

(any reason why meeting:write is not made available in chatbot as a limited scope)

Error

https://zoom.us/oauth/authorize

Which App Type (OAuth / Chatbot / JWT / Webhook)?

Chatbot

Hey @gauraves,

Thank you for reaching out to the Zoom Developer Forum. I’m happy to help out here!

As you noted, the scopes provided by the Chat Bot are account-level which means that an administrator that has the listed permissions will need to install the application on the account.

From there, you can create meetings on behalf of other users with the account-level credentials.

I hope that helps! Let me know if you have any questions.

Thanks,
Max

Hi MaxM

> From there, you can create meetings on behalf of other users with the account-level credentials.

Can you explain how this can be made to work with account-level credentials as the Create Meeting API wants OAuth Grant Flow, which seems can only be consented by regular user accounts and not the chatbot clientid/secret. Which token do we use since the Account Level credentials seem can only be used for client credential grant flow and that client credential access token when used with the Create Meeting API does not work.

Are we expected to use the Access/Refresh Token of the Admin who installed the app to use with the Create Meeting API? (That Admin role may change, may leave the company etc)

Is it possible to provide a pseudo code sample?

Hey @gauraves,

While I don’t have pseudo-code here I’m happy to help!

The ChatBot would only need to be authorized once by an administrator using the Client Credentials flow. After that, you can use the Authorization Code flow with the same credentials in order to make API requests.

Let me know if that helps.

Thanks,
Max

Unless we are totally off track, the only client credential flow is for the chat bot clientid/secret itself, and for the Admin we would have to use OAuth 2.0 flow, which would tie the bot to using a single human Admin's access/refresh token…

Hey @gauraves,

What I meant is that you can use a ChatBot app to also make API calls but it requires an additional authorization flow in order to obtain the API token.

Please see our documentation on using OAuth with ChatBot and let me know if that helps to explain the process:

Let me know if you have any questions!

Thanks,
Max

Request you to revise your statement “After that, you would be able to make requests using a Client Credentials flow on behalf of the administrator and create meetings for other users” as that is unnecessarily confusing.

**When meeting:write:admin is in chat bot scope, the authorize request fails when executed by a non-admin user. This is how we started this thread in the first place (please refer to the first message in this thread).** So we are still confused as to how your suggestion will work since we already tried it and that is how we started this thread.

If you are suggesting we set up a second OAuth App if we want to create meetings for non-admin users, then what is the use case for meeting:write:admin in the chat bot? As in a normal OAuth App (non chat-bot) we have to use meeting:write scope anyway.

It feels like there is some basic disconnect, which Zoom Developer support could solve by simply providing some code samples.

As a suggestion, please see how many code samples are available for bots for Microsoft Teams at GitHub (microsoft/BotBuilder-Samples) for all common scenarios. Is there a similar repo for Zoom that we may refer to?

Hey @gauraves,

Good call, I’ve updated my post to be much clearer.

I’m not suggesting that a separate OAuth app is created. Instead, after you install the ChatBot using the Client Credentials flow, you can use the ChatBot credentials to complete the Authorization Code flow as an administrator. From there, you would use that second token to create meetings for users under the account using the Create a Meeting API.

In practice, this likely means that the administrator is authorizing the Chat Bot and the API at installation.

While you could create a User Managed OAuth app, this would require each user to install that app separately.

While we do have some sample apps for our ChatBot:

and an accompanying build guide:

We don’t seem to have a code example showing how this would be done. This is something we can definitely work on providing in the near future.

If you want to have a meeting and discuss how this can be implemented, please submit a ticket and include a link to this thread.

You can submit a ticket by navigating to our Developer Support Center.

Thanks,
Max
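The two-token sequence described in the reply above, as an added example (not Zoom's code and not written by anyone in this thread). It builds each HTTP request without sending it; the token endpoint, API base path, `state` check, and every credential, redirect URI and email shown are assumptions or placeholders.

```python
import base64
import hmac
import json
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlparse

AUTHORIZE_URL = "https://zoom.us/oauth/authorize"  # URL quoted in the thread
TOKEN_URL = "https://zoom.us/oauth/token"          # assumption: Zoom's documented token endpoint
API_BASE = "https://api.zoom.us/v2"                # assumption: Zoom REST API base


def _basic(client_id, client_secret):
    return "Basic " + base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()


def chatbot_token_request(client_id, client_secret):
    """Token 1 (client credentials): identifies the bot itself, for chat messages only."""
    return {"method": "POST", "url": f"{TOKEN_URL}?grant_type=client_credentials",
            "headers": {"Authorization": _basic(client_id, client_secret)}}


def admin_authorize_url(client_id, redirect_uri):
    """Start of token 2: the admin consents once; state binds the callback to this session."""
    state = secrets.token_urlsafe(16)
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "state": state})
    return f"{AUTHORIZE_URL}?{query}", state


def admin_token_request(callback_url, expected_state, client_id, client_secret, redirect_uri):
    """Exchange the code from the redirect for the admin's access/refresh token pair."""
    params = parse_qs(urlparse(callback_url).query)
    state = params.get("state", [""])[0]
    if "code" not in params or not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("callback rejected: missing code or state mismatch")
    body = urlencode({"grant_type": "authorization_code", "code": params["code"][0],
                      "redirect_uri": redirect_uri})
    return {"method": "POST", "url": TOKEN_URL, "body": body,
            "headers": {"Authorization": _basic(client_id, client_secret),
                        "Content-Type": "application/x-www-form-urlencoded"}}


def create_meeting_request(admin_access_token, host_user, topic):
    """Token 2 with meeting:write:admin creates the meeting under another user's ID or email."""
    return {"method": "POST", "url": f"{API_BASE}/users/{quote(host_user, safe='')}/meetings",
            "headers": {"Authorization": f"Bearer {admin_access_token}",
                        "Content-Type": "application/json"},
            "body": json.dumps({"topic": topic, "type": 2})}  # type 2 = scheduled meeting
```

Token 2 belongs to the administrator who consented, so its refresh token has to be stored server-side and re-issued through a new consent if that administrator's role changes.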
