Description
Currently; I am obtaining an access token, parsing the JWT to extract the account ID and storing that account ID with the access token. Once a deauth webhook is received; I find the access token via the account ID and remove it. This feels kind of dirty because I am using the access token itself which is undocumented and subject to change; is there another recommended method for linking a Deauthorization request with an access token?
Are you doing this process each time there is a new access token granted?
What do you mean by “using the access token itself”? Like from when you initially obtain the access token like in the first part of your post?
Ultimately, the account id is the main identifier in the deauth notification webhook and then you use that to isolate the access token which it sounds like you are doing. I do understand the push for more official guidance on this though.
Before I continue, please confirm my present understanding
What do you mean by “using the access token itself”? Like from when you initially obtain the access token like in the first part of your post?
Many thanks for your response; Yes; so when I initially obtain an access token; I parse it to retrieve the account ID and store it. I then use this to identify which access token to delete when a deauth webhook is received.
Apologies for missing this! There is no updated guidance on this yet, but this is an area for clearer documentation. Thank you for bringing that to our attention. Your approach seems okay so far and Zoom will alert if and when there is a change to this.