Hi,
I’m seeing conflicting documention. I am building my first Zoom app, and it’s within the Zoom client. I selected “General App” when creating it within the Zoom Marketplace.
I am simply trying to redirect to the Oauth approval screen for the user, but keep getting a 403 error in the Dev Console saying the domain and/or scheme is not allowed.
Sending to this link (vars have been changed)
https://zoom.us/oauth/authorize?response_type=code&client_id=123456&redirect_uri=https://xyz.com
I have my URL (https://xyz.com) setup as the Oauth redirect value in my Marketplace listing.
My question is OAuth only allowed in Production for an in-client solution(once an app has been submitted and approved)?
Or should it work in Development as well? Nothing I try seems to work in Dev. Outside of the Zoom client (as a test), it works as expected, though.
Thanks!
David
Hi @davidgarthe
Thanks for reaching out to us!
you should be able to authorize your app with your development credentials.
Are you also adding your redirectl url in your allow list ?
In addition to having https://example.com/
included in the “OAuth Allow Lists”, how are you hosting this redirection? If it’s from within your own application, hasn’t the user already authorized it? Within your own application, you’ll need to approve of specific domains that are allowed to be accessed; declare these in (Build your app; Features; Surface) and check that the Domain Allow List section has your domain.
Who is trying to add your application? Both the Development and Production applications start out in Local Test, which only allows users in the same account to add your application; no approval needed.
1 Like
Hi. Thanks.
I wanted the user to “register” before using the application, which is why I wanted to OAuth before they use the app. It was for me to register them as a user the first time.
Ok, I might see what you’re referring to. I’ve approved it already through the app marketplace.
I was going with the idea that they would need to OAuth via the app within the client.
Ugh.
I’ve added just about every domain I could try without luck. Is there anywhere else I should look (ex OWASP headers) that may generate the same error?
Thanks!
There is an App Access feature where users have to go to your landing page to add the application, which sounds like what you are trying to do. I’m guessing you’d direct users to your authorization URL afterwards (it looks reusable, which may be a concern), or see if a deeplink is viable.
Thank you! I’ll check this out.