I am trying to tie a CRM with Microsoft Dynamics application to our Zoom account for a specific user. The application will only have access to that users webinar information so that it can issue invitations, and create invitations. This integration wont be listed and will be for a specific person.
The documentation I have uses a client id and client key to tie in.
My question for you is if I am even approaching this correctly and if I am, i need help with the authentication part.
Looking at the application types I see 2 options that give me scopes. thats General App and Server to Server. Server to server scopes look to me that they expose to all webinars on our account and we need to limit it to just the single user. from what I can see of scopes available for webinar access, that limits me to general app.
So i started creating a general app to generate the client keys. I got that far, but im having trouble with auth. it wants me to use OAuth but we dont support that. When i redirect to local host, it gives an error. when i attempt to use our SAML link we use for regular SSO login i get an error given that SAML data is missing.
Can you offer any advise as to how to deal with the OAuth, or if I’m going about this the wrong way, how i should be approaching this?
Yes you need to connect with OAuth. So you may have to create code to interface with your system.
If you are unable to do that then you will need to use a third party tool. I dont think zapier will support the level of information.
But if you want to connect directly, you must use OAuth.
John,
Thank you for your response. Ill have to check to see what options we have for interfacing. OAuth aside, do you see any reason the approach itself would be wrong? I just want to make sure that server-to-server wouldn’t be the better option given that this requires limiting webinar data access to only be able to access a specific persons license and mask the rest of the account.
Hi @jevans2
A S2S app should have access to all the account, not a specific person license, but the person who creates the app should be an account admin.
If you want to take a closer look at sample apps that use OAuth, here is a link:
Personally, I am not happy with server apps. I would ban them because they are not going to work within the complete marketplace and are limited to working for just one account.
However, I can see the temptation.
Server apps are at the account level and therefore you are giving away access to anything, anyhow and trusting the developer for what they are doing,
There is no Zoom approval or recognition.