Can I integrate OAUTH with an existing JWT app?

John_Pansewicz · February 22, 2021, 9:45pm

I have a working application that uses the Zoom API with JWT. I would like to enhance the app to use a user’s Zoom account (using OAUTH) instead of the Zoom acct. for my app.

As I started this work, I realized that Zoom did not allow me to add OAUTH to my existing app, so I’m guessing I need to create a new App.

The questions are:

Is it even possible to use JWT and OAUTH together in a 3rd party app?
If so, do I use multiple Zoom Apps with my application to enable JWT and OATH separately?

Thanks in advance!

MaxM · February 23, 2021, 12:29am

Hey @John_Pansewicz,

Thank you for reaching out to the Zoom Developer Forum. Good question!

It is possible to use two different authentication methods in your app but it’s important to know that they would have separate authorization flows and would be used for different functions. The JWT app is great for server-to-server communication. Alternatively, if you require access to user data, this is where the OAuth app would come into play.

It’s important to note that OAuth apps can only be installed on your account unless it has been published to the marketplace. You can learn more about OAuth here.

You would need to create two separate app types on your account, JWT and OAuth. You would then use the authorization credentials separately.

I hope that helps! Let me know if you have any questions.

Thanks,
Max

John_Pansewicz · February 23, 2021, 12:38am

Thanks @MaxM. Our current integration uses JWT to do all sorts of stuff with meetings using our app’s Zoom account. Now we want to allow our users to specify their own Zoom account for certain types of meetings. At this stage, I need to get a POC working to simply create a new meeting and retrieve the meeting details. Can you confirm this would be possible using the API and OAUTH?

To take it one step further, would I be able to get meeting details of a meeting that was created using OAUTH without an OAUTH token? For example, here’s a scenario:

User creates a meeting through our app. We make a call into the API using the OAUTH flow/token to create the meeting. We retrieve the details of the meeting.
10 minutes later, a user comes to the meeting location in our app. Can we get meeting details using the API via JWT? Or would we need to stash the OAUTH token for the host so that we can make API calls to get meeting details?

MaxM · February 23, 2021, 1:04am

Hey @John_Pansewicz,

Thank you for the update.

Yes, it’s possible to create a meeting for a user on another account as long as your app is published on the marketplace and they have authorized your OAuth App.

You would only be able to use the API to get information about that user if they were on your account. Users external to your account will need to use an OAuth app. For this reason, it’s likely best to use an OAuth app for this use case to simplify the implementation.

Let me know if you have any questions.

Thanks,
Max