Doubts about meeting sdk

I want to integrate zoom inside my website, using zoom’s meeting sdk, but I am little bit confused as, the documentation here, says that I need to convert to JWT, but the JWT are now deprecated as said in all the documentation. Please guide me so that I can move forward. I want to let the users schedule the meetings as well as attend them on the website .

@jainrakshit_04 , the guide mentions that you need to create a JWT Token using your (SDK Key + SDK Secret) or (Client ID + Client Secret).

JWT App type is different from JWT Token.
JWT token is not deprecated.

First of all thanks for replying @chunsiong.zoom, so you are saying that we can still use the JWT token inside the sdk authorization.
Also, can you please explain what is the major difference between using JWT token and OAuth in sdk.
Moreover, which path will be more relevant to use, JWT tokens or OAuth, if I have to serve to large user base.

@jainrakshit_04 ,

You might still be a little confused.

You need to use ClientID and Client Secret from a Meeting SDK App type to sign a JWT Token for SDK Authentication.

The OAuth found in Meeting SDK App Type is to request for specific information from users.

Ohh thanks for clearing this confusion.
So, I was doing the sdk authorization process, but I am not able to understand from where do I get the meeting number and password asked in payload of JWT.

@jainrakshit_04

I understand.

The meetings needs to be scheduled beforehand.
You can either use zoom.us portal to schedule or zoom rest api to schedule the meeting.

If you are going to use the rest api, you can use oauth or server to server oauth app to generate the access the token and thereafter call the apis

Hi again! thanks for helping me out.
So I was going according to the instructions mentioned in the documentation here, so i encountered the error
{“reason”:“Invalid client_id or client_secret”,“error”:“invalid_client”}
I am also giving you the code, please tell me what is wrong in it.

<?php
$cliendId = "0pqAJLITSzqjjqE1p8XxA";
$clientSecret = "********MY CLIENT SECRET***********";

$authorizationString = $cliendId . ":" . $clientSecret;

$base64authorizationString = base64_encode($authorizationString);

$code = $_GET['code'];

$headers = [ 'Host' => 'zoom.us', 'Authorization' => 'Basic ' . $base64authorizationString, 'Content-Type' => 'application/x-www-form-urlencoded' ];

$postBody = [ 'code' => $code, 'grant_type' => 'authorization_code', 'redirect_uri' => 'https://localhost/zoomMeet/accessToken.php', ];

$ch = curl_init("https://zoom.us/oauth/token");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,$postBody);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$server_output = curl_exec ($ch);

curl_close ($ch);

print $server_output;
?>

@jainrakshit_04 ,

Where are you calling this code from? As the code is in PHP, I’m assuming it is from a web server right?

Here’s some checklist

  1. Ensure that your clientID and ClientSecret are correct
  2. Ensure that the $code is new, and only used once. This is OAuth protocol.
  3. Ensure that the redirectURL is correct.

Here’s the overall flow.

  1. User views the app by going to https ://zoom.us/oauth/authorize?response_type=code&client_id= 0pqAJLITSzqjjqE1p8XxA&redirect_uri=https ://localhost/zoomMeet/accessToken.php
  2. User clicks on approve and is directed to https ://localhost/zoomMeet/accessToken.php?code=asdfasdfasdfasdf
  3. On your backend PHP code, you will retrieve the ?code=asdfasdfasdfasdf from the query string and do these.
    Please note that you the ?code=asdfasdfasdfasdf can only be used once. Every time you want to do a test, please start from step 1. You will be given a different ?code=123fgdjkf92123 on the next run.
<?php
$cliendId = "0pqAJLITSzqjjqE1p8XxA";
$clientSecret = "********MY CLIENT SECRET***********";

$authorizationString = $cliendId . ":" . $clientSecret;

$base64authorizationString = base64_encode($authorizationString);

$code = $_GET['code'];

$headers = [ 'Host' => 'zoom.us', 'Authorization' => 'Basic ' . $base64authorizationString, 'Content-Type' => 'application/x-www-form-urlencoded' ];

$postBody = [ 'code' => $code, 'grant_type' => 'authorization_code', 'redirect_uri' => 'https://localhost/zoomMeet/accessToken.php', ];

$ch = curl_init("https://zoom.us/oauth/token");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,$postBody);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$server_output = curl_exec ($ch);

curl_close ($ch);

print $server_output;
?>

Yes @chunsiong.zoom I am using the local Xampp server for the call. I have already checked the meeting sdk client Id and secret multiple times, but the result is still the same.

Also, I think I need to build a different oauth app other than meeting sdk from zoom marketplace, and then merge both sdk and oauth. Because till now I was using the same sdk for the oauth process. Please let me know if am I right or wrong?

One more thing I need to know that, do the user need to be signed in at zoom portal, if he/she wants to schedule a meeting through our website. Is there no way that if input their zoom meeting email and schedule the meeting on their behalf?

@jainrakshit_04

. Is there no way that if input their zoom meeting email and schedule the meeting on their behalf?

no, you cannot do that with API

Here’s a working sample code for php.
I’ve previously hosted this as testing.asdc.cc/redirectforoauth.php

To test this flow, I’ll not call it directly, but I’ll use call

https ://zoom.us/oauth/authorize?response_type=code&client_id=[redacted]&redirect_uri=https://testing.asdc.cc/redirectforoauth.php

<?php

$config = include 'config.php';
$oauthClientId = $config['oauth_client_id'];
$oauthClientSecret = $config['oauth_client_secret'];


$path='redirectforoauth.php';
$code =$_GET['code'];


    //echo "handleRedirectUrlDataRequest\n";
    $url = "https://zoom.us/oauth/token";
    $redirectUri = "https://php.asdc.cc/$path";
    //echo "$redirectUri\n";
    
    // Encode the client ID and client secret
    $credentials = "$oauthClientId:$oauthClientSecret";
    $credentialsEncoded = base64_encode($credentials);

    $headers = [
        "Authorization: Basic $credentialsEncoded",
        "Content-Type: application/x-www-form-urlencoded"
    ];
    //echo "$credentialsEncoded\n";

    $data = [
        'grant_type' => 'authorization_code',
        'redirect_uri' => $redirectUri,
        'code' => $code
    ];
    // Encode the data dictionary as x-www-form-urlencoded
    $dataEncoded = http_build_query($data);

    $options = [
        'http' => [
            'header' => implode("\r\n", $headers),
            'method' => 'POST',
            'content' => $dataEncoded
        ]
    ];
    $context = stream_context_create($options);

    $response = file_get_contents($url, false, $context);
    
    $httpStatus = $http_response_header[0]; // Get the HTTP status from the headers

    if (strpos($httpStatus, '200 OK') !== false) {
        //echo "response 200\n";
        $responseJson = json_decode($response, true); // Decode JSON as associative array
        // Set the "Content-Type" header to "application/json"
        header('Content-Type: application/json');

        // Encode the JSON data and return it
        echo json_encode($responseJson);

        // Optionally, you can return an HTTP status code
        http_response_code(200); // Replace 200 with your desired status code
    } else {
        // Handle the case where the response has an error status code
        //echo "Error: $httpStatus\n";
        return "Error: $httpStatus";
    }


?>

config.php

<?php

return [
    'client_id' => 'xxxxxx',
    'client_secret' => 'yyyyyyy',
    'account_id' => 'zzzzzzz',
    'webhook_app_secret_token'=>'123123123',
    'oauth_client_id'=>'xxxxxxxx',
    'oauth_client_secret'=>'yyyyyy'
];

?>

So, that means I need to use different oauth app in order to fulfill the desired results? And from where can I get webhook_app_secret_token.
Also, if I am not wrong the account_id in config.php is the zoom account id of the user we are taking as an input so that meeting can be scheduled, if not please correct me.

@jainrakshit_04 ,

Sorry if the code sample has caused some confuion. You might want to ignore the variable names for now as the code sample is compatible with many type of apps.
account_id, client_id and client_secret is used in a different sample, and might not be applicable for this case.

Lets assume you are using an OAuth App. I’ve created the below for illustration purpose.

The webhook_app_secret_token is the Feature ← Add Feature ← Token ← Secret Token
oauth_client_id and oauth_client_secret are your App Credentials ← Client ID and Client Secret

<?php

return [
    'webhook_app_secret_token'=>'Ykda99MgQ6q7_PCAnd9UFQ',
    'oauth_client_id'=>'a0bUttw4TrO_v7tXjKnTOA',
    'oauth_client_secret'=>'3GU8lo2EkdwSfXXXXXXXXXXXXXX'  
];

?>