We are from SumTotal Systems LLC. SumTotal and offer Talent Management solutions. One of key modules of our product is Learning management suite. We are working on an Integration feature with Zoom, where Learning administrators can create Zoom meetings and Assign Instructors from SumTotal administration screens.
To establish authentication between SumTotal and Zoom API, we were suggested to use oAuth app. While creating Account-level oAuth app, we came across following queries:
The Client ID, Client Secret and Redirect URI needs to be provided at the time building app. If a customer install this app in their zoom account, will they be able to change ClientID and Client Secret for their instance.
Redirect URI changes from customer to customer ex. Customer 1 will have url https://cus1.sumtotal.host/oauth/redirect while customer 2 will have https://cus2.sumtotal.host/oauth/redirect. Some customers opt premised mode of installation. In those cases the domain will be completely different. Is there a way to allow customer to input redirect URI at the time of app installation.
No, the user who installs your app does not see the Client Secret, and cannot change either the client ID or Client Secret. For their instance of the installation, you can request an access_token to make API requests.
You can either publish 2 Apps to the Marketplace, one per customer, or you can add a state query param to the install url to pass data like who that customer is, then read the state query param and do the logic you need once they install and authorize your app and land on your redirect url. Notice how I set the state query param on the install url and it persists through the install process to your redirect url.
