cURL call to get users with JWT token - not working

I have been trying to call the API to just get the list of users, using the calculated JWT token in the authorization header, and I am getting an invalid token error:

    {"code":124,"message":"Invalid access token."}

and here is the PHP curl data layout, echoed out:

[10002] => https://api.zoom.us/v2/users?status=active&page_size=30&page_number=1
[19913] => 1
[10102] =>
[68] => 10
[13] => 30
[84] => 2
[10036] => GET
[10023] => Array
(
[0] => authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzZ…(most deleted)
)

My app is an SDK app, and I used the client ID and secret to generate the JWT Token. I think I know it is the correct token because it works to bring up the client view meeting using the zoom javascript library I got from github.

So, question 1: With the API calls, is the token used supposed to be the JWT token? I am NOT using OAuth at all right now, although I did get my callback to work save the OAuth token separately. If not, what “token” should I be using?? The word token is used for really varied things as there are a bunch of them.

Question 2: Since JWT is being deprecated and dropped, is my assumption that the client ID and client secret from the sdk app what I am supposed to be using to create the JWT token?

Thanks,

Ben Cahan

Hi @captainben99
Thanks for reaching out to the Zoom Developer Forum and welcome to our community!
I am happy to help here!

If my understanding is correct after reading your post, it looks like you are trying to generate a JWT token using the meeting SDK app credentials and that’s the reason why you are getting that error.

So, question 1: With the API calls, is the token used supposed to be the JWT token? I am NOT using OAuth at all right now, although I did get my callback to work save the OAuth token separately. If not, what “token” should I be using?? The word token is used for really varied things as there are a bunch of them.

To answer your first question, if you are trying to make API calls to our endpoints, you will have to use our Server-to-Server OAuth app that is the app type

So you will be using your account credentials to generate an access token and use it to get users in your account (or to call our endpoints)

Question 2: Since JWT is being deprecated and dropped, is my assumption that the client ID and client secret from the sdk app what I am supposed to be using to create the JWT token?

To answer question 2, you will be using the client ID and client secret to generate a JWT-type token to generate your meeting SDK signature

I hope this helps,
Elisa

Elisa,

Some of what you say makes sense, and some makes it even more confusing.

There are a whole bunch of app types, where do you actually say what each one is for in a clear way? The SDK app DOES have an OAuth feature, can I use that instead of creating a whole new Server/Server OAuth app for when I want to call the SDK???

Look, specific questions, ignoring for now the JWT app as that is going away and of no concern any more.

  1. Is the SDK App just for creating a JWT to use the client? If so, why does it have an OAuth token facility in the credentials? I got the client view working fine with the token created, your answer seems to say that is all that app is good for, joining a meeting using the client. Is the OAuth part of SDK apps meant to then create a zak token for the host to use? This is super duper unclear. I want to join meetings from my site and I want to sign up members for webinars from my site, does that multiple apps? Uggh.

  2. If I want to be able to add users to the meeting using the SDK, so that I can take the name and email and avatar and anything else from my own user database and display a very simple “Sign up for this webinar” button for my own site members, why would I not be using the SDK app, whose name is specifically meaning “Software Development Kit”??? Why do I need a whole other app, an OAuth app, to do that? Again, very confusing with so many apps and it being unclear what does what.

Thanks for any clarification, this has become more than a bit frustrating.

Ben Cahan

Hi @captainben99
Thanks for reaching out back and sorry if there is any confusion about it.

I just wanted to clarify certain things here:

  1. Is the SDK App just for creating a JWT to use the client? If so, why does it have an OAuth token facility in the credentials? I got the client view working fine with the token created, your answer seems to say that is all that app is good for, joining a meeting using the client. Is the OAuth part of SDK apps meant to then create a zak token for the host to use? This is super duper unclear. I want to join meetings from my site and I want to sign up members for webinars from my site, does that multiple apps? Uggh.

Sorry if I provided the wrong information. So with your SDK app, you will use the client ID and client credentials to generate a signature and join the client, as well with the OAuth part you will be able to generate an access token to access our Rest API endpoints.

Here is a helpful link about this

So in your case, (referring to the first post) you should be able to use your client ID and client secret to generate access tokens, using the OAuth protocol and once you get that access token you will be able to access our rest APIs

Let me know if this helps
Elisa

Elisa,

I am able to create the JWT token just fine, but I am now stumbling on using that token in the callback routine to generate an OAuth access token. Amazing that you folks don’t just publish a super simple PHP example, using cURL, to do that.

So, my code in the callback PHP function is:

    // Code from the callback routine from the authorize call, which DOES
    // pass in a code field that looks fine.
    // $clientid, $secretid and $code are set earlier in the callback.

    // HTTP Basic credentials: base64("client_id:client_secret")
    $authorization = base64_encode($clientid . ':' . $secretid);
    $headers = array(
        'Authorization: Basic ' . $authorization,
        'Content-Type: application/x-www-form-urlencoded'
    );
    $params = array(
        'code' => $code,
        'grant_type' => 'authorization_code',
        'redirect_uri' => 'https://www.mysite.com/classes/zoomtoken.php'
    );
    $apiCall = 'https://zoom.us/oauth/token';

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $apiCall);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT_MS, 20000);
    curl_setopt($ch, CURLOPT_TIMEOUT_MS, 90000);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    // Keep certificate verification on: this request carries the client secret.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_POST, true);
    // Form-encoded body: code=...&grant_type=...&redirect_uri=...
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));
    // Include the response headers in the output (status line shown below).
    curl_setopt($ch, CURLOPT_HEADER, true);

    $response = curl_exec($ch);
    curl_close($ch);

    print_r($response);

The client ID and secret are correct, the code looks fine, but I get the following error when I run that:

    HTTP/2 400
    {"reason":"Invalid Grant","error":"invalid_grant"}

I may be a terrible programmer or something, I don’t know, but why the heck is this so hard to do??? I just cannot imagine how other basic programmers get this to work.

So, more help needed, am I setting the curl call incorrectly? I think I am following what I have read about it from a host of sources.

Ben Cahan

Hey @captainben99
Sorry to hear that you are having issues generating your access token.
I ran a quick request using postman and I was able to generate an access token. Here is the code snippet generated by Postman

    $curl = curl_init();

    curl_setopt_array($curl, array(
        CURLOPT_URL => 'https://zoom.us/oauth/token?grant_type=authorization_code&code={redacted}',
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_ENCODING => '',
        CURLOPT_MAXREDIRS => 10,
        CURLOPT_TIMEOUT => 0,
        CURLOPT_FOLLOWLOCATION => true,
        CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
        CURLOPT_CUSTOMREQUEST => 'POST',
        CURLOPT_HTTPHEADER => array(
            'Authorization: Basic (redacted)',
        ),
    ));

    $response = curl_exec($curl);

    curl_close($curl);
    echo $response;

Elisa,

I was finally able to generate the access token, saving it in my database. I am curious, however, about the code you show, which does not have the following header line:

Content-Type application/x-www-form-urlencoded

I am actually using a simple API library I downloaded from github, but in that, for API calls using the access token, it uses the json content type, and it works:

    curl_setopt($ch, CURLOPT_HTTPHEADER, array_merge($header, ['Accept: application/json']));

So, my latest question that does not seem to be answered by the docs: What content type for API calls is acceptable? JSON is easy, I am actually not quite certain what the x-www-form-urlencoded would mean for constructing my post request in PHP.

Ben Cahan

Hey @captainben99
Happy to hear that you were able to generate the access token.
So to generate access tokens, according to our docs, you will have to pass the content-type application/x-www-form-urlencoded
https://developers.zoom.us/docs/integrations/oauth/#step-2-request-access-token

But I was actually able to do some tests on my end and I passed application/json and it worked out as well.
Let me reach out to our Engineering team to clarify this issue.
Thanks for bringing it up to me
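
Added example, not part of the thread and not Zoom's own sample code: the authorization-code exchange from the callback post above, split so that the form-encoded body asked about in the content-type question can be printed without contacting Zoom. The endpoint and redirect URI are the ones quoted in the thread; the client ID, secret, code and function names are hypothetical placeholders, and certificate verification is kept on because the request carries the client secret.

```php
<?php
// Added example. Credentials, code and function names are constructed placeholders.

/** Build the token request: Basic auth header plus form-encoded body (RFC 6749, 4.1.3). */
function build_token_request(string $clientId, string $secret, string $code, string $redirectUri): array
{
    return [
        'url'     => 'https://zoom.us/oauth/token',
        'headers' => [
            'Authorization: Basic ' . base64_encode($clientId . ':' . $secret),
            'Content-Type: application/x-www-form-urlencoded',
        ],
        // Form encoding: key=value pairs joined by "&", values percent-encoded.
        'body'    => http_build_query([
            'grant_type'   => 'authorization_code',
            'code'         => $code,
            'redirect_uri' => $redirectUri, // same value that was sent to the authorize step
        ]),
    ];
}

/** Send the request with certificate checks on; returns [HTTP status, decoded JSON or null]. */
function send_token_request(array $req): array
{
    $ch = curl_init($req['url']);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => $req['body'],
        CURLOPT_HTTPHEADER     => $req['headers'],
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true, // libcurl defaults, stated explicitly
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 30,
    ]);
    $raw    = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    $error  = curl_error($ch);
    curl_close($ch);
    if ($raw === false) {
        throw new RuntimeException('Token request failed: ' . $error);
    }
    return [$status, json_decode($raw, true)];
}

// Constructed values: nothing is sent when this file is run as-is.
$req = build_token_request('CLIENT_ID', 'CLIENT_SECRET', 'CODE_FROM_CALLBACK',
    'https://www.mysite.com/classes/zoomtoken.php');
echo $req['body'], "\n";                                        // form-encoded body
echo json_encode(['grant_type' => 'authorization_code']), "\n"; // JSON, for contrast
```

Running the file only prints the two encodings; call `send_token_request($req)` with real values to perform the exchange. Under RFC 6749, `invalid_grant` covers a code that is invalid, expired or revoked, a `redirect_uri` that does not match the one used in the authorization request, or a code issued to another client.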