Domain List Dilemma

I am having difficulties understanding domain policy.

In our application we re unable to redirect users to Facebook, Google and Microsoft to let them login easily.

We decided to go with Zoom Auth and Zoom is not allowing our users to go Zoom Auth page as well :slight_smile:

We have applied each steps at OAuth with Zoom and followed best practices but we are not able to add to Domain Allow list.

What you think?


Screen Shot 2022-10-17 at 16.42.08

@elisa.zoom need your attention here :slight_smile:

Glad to hear you’ve gone with Zoom Auth! Good decision.

Your Zoom App, tho, doesn’t need to Auth with Zoom. It’s a Zoom user! You’ll find the Zoom user id on the x-zoom-app-context header. You can also skip authentication for the Zoom App and go right to an ‘authenticated’ state using in-client oauth. This would give you an access token that you can use to pull user profile, etc.

We have disabled domain for security reasons

Thanks Jon, I will try if we can pass marketplace approval process :smiley:

Hi @JonStewart ,

I have two questions regarding in-auth process.

  1. Is there any way rather than using SDK like api calls with x-zoom-app-context
  2. We are using @zoom/appssdk - npm but it does not support test under regular browser and it gives : Uncaught (in promise) Error: The Zoom Apps SDK is not supported by this browser error.
    The question is there any way to work with sdk locally?

These are addressed elsewhere. For now, though, and in short

1). In-client Oauth is the way to get user info - they must accept scopes in-app before given to you . . .
2) The Zoom Apps SDK does not work in other browsers, but you may mock the methods used - simply create an object on window with methods (eg setVirtualBackground) that return promises resolving to the return value for the api/method as defined in the docs

1 Like

Last question about ZoomSdk

authorize(logs {message: “Success”}) and config methods are working as expected but onAuthorized or addEventListener(‘onAuthorized’, callback) never fired.

@zoom/appssdk”: “^0.16.6”,

 const authUser = () => {
        state: 'TIA5UgoM38',
        codeChallenge: "xxxxxxxxxxxx"
      }).then((ret) => {
      }).catch((e) => {

  useEffect( () => {
          capabilities: ["authorize","onAuthorized"]

        zoomSdk.onAuthorized((event) => {

Pls try this:

zoomSdk.addEventListener("onAuthorized", callback)

The onXYEvent fields on the Zoom Apps SDK are deprecated/not implemented

1 Like

Following is not fired as well.

        zoomSdk.addEventListener("onAuthorized", (event) => {
          const { code, state } = event;

          console.log("3. onAuthorized event fired.", code, state);
            "3a. Here is the event passed to event listener callback, with code and state: ",
            "4. POST the code, state to backend to exchange server-side for a token.  Refer to backend logs now . . ."

Oh I can not believe my self.

Problem is onAuthorized was not added to Event list on MarketPlace Interface.


Finally we have integrated with SDK and thanks for your all kind support!

I would like to provide some information for potential SDK users.

Be sure you checked following codebase to understand how code_challenge works.

Be sure that you are using BASE64(Development ClientID:Secret) inside Authorization header.

Be sure that you passing code_verifier while calling


code_verifier is a bit confusing, I tried to use Verification Token BUT it is code_challenge.