Hi @tommy, thanks again for the detailed response, and for replying when it was past midnight for you!
I worked on some other stuff during that time, so didn’t respond in few days
I found the error, I was using a POST request instead of a GET request.
now in the response, I see this message - Only available for paid account and enabled Dashboard feature.
My account is not a paid account, and I don’t have the dashboard available.
But my app specify this specific scope -
dashboard_meetings:read:admin. So why am I able to press the authorize button while signed in to my account?
This is what you wrote about it before:
I have a basic account. Is there a way to test my app using this account?
Regarding the oAuth2 authentication flow:
I’m using multi-tenancy architecture, which means that for every client I have a subdomain
like - client1.myapp.com, client2.myapp.com, etc…
In my test zoom app, I set the redirect URL and whitelist URL to be
https://*.myapp.com (I’m currently developing locally, so -
I tested it using my app, and indeed when supplying a full redirect URL (like https://de842a95.ngrok.io/ which was my supplied ngrok URL at the time) to https://zoom.us/oauth/authorize it worked! I just want to make sure it will work for me when I will deploy my app
Another question - the OAuth flow will be started by a user clicking on some button on my site, and being redirected to
https://zoom.us/oauth/authorize right? if so, I can insert whatever subdomain I want in that stage, and make sure the client will then be redirected to the correct subdomain and storing the data in the correct client’s DB schema.
I’m considering just for the Zoom and similar apps authentication flow to use a generic authentication app on my site. But if I’ll use this way - How can I tell which client just authenticated? I only get the access token and the refresh token. Can I somehow use those tokens to understand which user of which organization just authenticated? I saw there’s an option to pass some user state, and I can use it to pass the organization name/id but I wondered if there’s a better way
And to sum up the previous questions about the app for different accounts:
- If a company have at least one user who is on the business plan and an admin (and integrated the dashboard) - I can ask this user to authenticate my app - then I’ll be able to call the dashboard/meetings API and get all the meetings of the organization of all the users in that organizations, right? also the ones on basic and pro plan?
- If my client has only a pro user, I will need to configure a webhook to notify myself of every ended meeting. If this is an account-level app, will it notify me of every ended meeting in the organization, right?
Now I will need to get the list of participants in that meeting, can I use the token I got from the pro-user who authenticated the app to query the participants API? will it work even if that user did not host nor attended the meeting?
Thanks again for everything, and sorry for the never-ending stream of questions… As I continue to develop my app I come across new questions…
Have a good day, as much as possible with the coronavirus…