Does Zoom support more than two environments for OAuth2?

Hey @michael.solomon, thanks for posting and using Zoom!

A few options: you could use 1 OAuth app, and then redirect to the respective environment by whitelisting your environment domain names. Do note that the Redirect URL and whitelist URLs need to have the same base domain. So you could add a subdomain redirect for each environment.

Or you could create a different OAuth app for each stage, however, a Zoom OAuth app has a development and production environment with separate credentials already built into a single OAuth app, so you could use the Testing Credentials for both development and staging.

Yes it is safe, and that is the recommended / industry standard OAuth2 flow. :slight_smile:

Let me know if that helps!

Thanks,
Tommy

1 Like

Thanks for your quick response @tommy!

About your first suggestion for my first question: maybe I don’t understand you correctly, but the redirect URI has to be static, doesn’t it? So for example, if I have dev.example.com and stg.example.com, I can’t put both URIs in the redirect URI app configuration.

Hey @michael.solomon,

It can be dynamic! :slight_smile:

So both those URLs would work! As long as they are listed in the whitelist URLs.

Thanks,
Tommy

@tommy
Thanks!

I tried to set redirect URI to http://localhost:300*/, and it seems like it’s working!!
I can’t find documentation about the syntax. Can you help me find it? (Maybe there are other special chars I can use.)

It can be dynamic! :slight_smile:

How dynamic can or should it be?
Would the following work?

  1. Redirect URL for OAuth set to:

https://example.com/projects/*/page1/*

  2. The browser sends the user to the following URL:

https://zoom.us/oauth/authorize?response_type=code&client_id=***&redirect_uri=https://example.com/projects/12324/page1/432432

  3. User successfully authorized and redirected to:

https://example.com/projects/12324/page1/432432

  4. The browser sends the authorization code AND the redirect uri to my server.
  5. The server sends the following request:

POST https://api.zoom.us/oauth/token
redirect_uri = https://example.com/projects/12324/page1/432432

I’m sorry if I’m asking overly specific questions; we have extreme time constraints these days and I want to be sure I’m doing things right.
Thanks!

Hey @michael.solomon,

You would just need to whitelist https://example.com, then you can redirect to any path or sub domain on that URL.

Thanks,
Tommy

Thanks @tommy, the redirect URI in the Zoom app configuration has to be a regex or something, otherwise I’ll get a mismatch on the code-to-token request, won’t I?

Hey @michael.solomon,

Correct.

Thanks,
Tommy

1 Like

Hi @tommy,
Our company provides a SaaS where each client site is distinct via a subdomain. We want to integrate Zoom into our base software so that all clients can use it. We created one Zoom OAuth2 app for the integration, and our client users can authorize using their Zoom accounts. The problem is that the redirect URL is based on our client subdomains, and we have too many clients (more than 500, and possibly more in the future), so it would be very painful to manually add these subdomains to the whitelist in the OAuth2 configuration page.

Do you have any suggestions?

Thanks!

@tuancode Did you try to add https://*.example.com to your whitelist?

Thank you. I already tried it, but unfortunately it responded "Invalid redirect".

Hey @tuancode, @michael.solomon,

This is totally possible! :slight_smile: Let me walk you through how to do this with the base domain of example.com

For your whitelist, simply add your base domain: https://example.com

Then in your dev/prod redirect url field, add a default redirect, https://any.example.com (this will be programmatically overridden to the correct sub domain, continue reading below)

Now, with your install URL (the url mentioned in Step 1. of the OAuth guide) in your code, dynamically set the respective sub domain on the redirect.

For https://sub1.example.com:

https://zoom.us/oauth/authorize?response_type=code&client_id=7lstjK9NTyett_oeXtFiEQ&redirect_uri=https://sub1.example.com

For https://sub2.example.com:

https://zoom.us/oauth/authorize?response_type=code&client_id=7lstjK9NTyett_oeXtFiEQ&redirect_uri=https://sub2.example.com

Let me know if that helps! :slight_smile:

Thanks,
Tommy

2 Likes
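Added example, not part of any post in this thread and not Zoom's code: one way a multi-tenant server could build the per-subdomain install URL described above and later send the identical redirect_uri in the token request, which is the mismatch concern raised earlier in the thread. The function names, the `pending` store and the use of the standard OAuth 2.0 `state` parameter (RFC 6749) are assumptions of this sketch; the endpoints and example.com come from the thread.

```python
import re
import secrets
from urllib.parse import urlencode, urlsplit

BASE_DOMAIN = "example.com"                       # whitelisted base domain (from the thread)
AUTHORIZE_URL = "https://zoom.us/oauth/authorize"
TOKEN_URL = "https://api.zoom.us/oauth/token"
TENANT_LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")  # exactly one DNS label

def is_allowed_redirect(uri, base_domain=BASE_DOMAIN):
    """True only for https URLs on the base domain or one of its subdomains."""
    try:
        parts = urlsplit(uri)
    except ValueError:
        return False
    host = (parts.hostname or "").lower()
    if parts.scheme != "https" or parts.username or parts.password or parts.fragment:
        return False
    # Dot-boundary suffix match: rejects evilexample.com and example.com.evil.test
    return host == base_domain or host.endswith("." + base_domain)

def begin_authorization(tenant, client_id, pending):
    """Build the install URL for one tenant and remember its redirect_uri by state."""
    if not TENANT_LABEL.fullmatch(tenant):
        raise ValueError("tenant is not a single DNS label")
    redirect_uri = f"https://{tenant}.{BASE_DOMAIN}"
    if not is_allowed_redirect(redirect_uri):
        raise ValueError("redirect_uri outside the whitelisted base domain")
    state = secrets.token_urlsafe(16)             # hypothetical per-request CSRF token
    pending[state] = redirect_uri                 # pending: any server-side session store
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "state": state})
    return f"{AUTHORIZE_URL}?{query}", state

def token_request_params(code, state, pending):
    """Form fields for the POST to TOKEN_URL, reusing the stored redirect_uri."""
    redirect_uri = pending.pop(state, None)       # single use: unknown or replayed state fails
    if redirect_uri is None:
        raise ValueError("unknown or already used state")
    return {"grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri}
```

Deriving redirect_uri from a validated tenant label, instead of accepting a full URL from the browser, keeps the value inside the whitelisted base domain and guarantees the token request repeats exactly what the authorize request sent.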

@tommy Thanks a lot!
I highly recommend that you add this to your documentation, because this is sort of a gray area in OAuth2, and each Authorization Server implements this slightly differently.

2 Likes

You are welcome @michael.solomon!

Thanks for the suggestion, we will add this!

-Tommy

1 Like

Thanks @tommy, It works really well. I agree with @michael.solomon that this part can be tricky if it isn’t included in the documentation.

1 Like

Thanks @michael.solomon @tuancode & @tommy - we’ll work on adding this to our docs :slight_smile:

2 Likes

For future reference: OAuth - Advanced Practices

2 Likes

@michael.harrington

What will happen if I update the user settings from the development environment? Will the production environment also be able to update the settings for the same user?

Please look into the below mentioned ticket as well -

Hey @rahul5,

Yes!

We will look into your other question in a moment.

Thanks,
Tommy

Hi @michael.harrington and @tommy thank you for your helpful answers here!

Are we able to have multiple redirect OAuth URLs that are not on the same domain?

A couple example use cases:

  1. We are rebranding so for a short period we will have two main URLs
  2. We want to create some marketing sites that allow Login with Zoom but won’t have our same domain

Hey @victor-zmurl,

Currently we do not support multiple redirect URLs that are not on the same domain. That being said, you can set up redirects so you can have multiple redirect URLs.

Thanks,
Tommy