Help me to migrate from JWT to OAuth using PHP Curl

,

Hello All,

We have integrated zoom api with jwt authentication.

As JWT is deprecating soon, need to migrate it Server-to-Server OAuth or an OAuth app.

From the above 2 (Server-to-Server OAuth or an OAuth app) which one is easy and safe in coding point of view.

Someone please share code or guide for migrating

Thanks

Hi @Dora_Reddy ,

Server-to-Server OAuth app is the most closely related to JWT in terms of access and purpose.

To get started, take a look at our Postman Workspace for guidance on Server-to-Server OAuth: Create meeting link on behalf of external users by hosting OAuth Account Level APP - #3 by hmshah.1984

You can use Postman’s code snippet feature for sample code:

1 Like

Hello @gianni.zoom Thanks for the details.

When using jwt authentication, Only JWT token enough for all API calls.

So how can i need to change my existing code below with OAuth Please help

            $request_url = 'https://api.zoom.us/v2/users/'.$host_id.'/meetings';
        $headers = array(  "authorization: Bearer ".$this->zoom_jwt_token,
                           "content-type: application/json"
                        ); 
	$ch = curl_init();
	curl_setopt($ch, CURLOPT_URL, $request_url);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); 
	curl_setopt($ch, CURLOPT_HTTP_VERSION,CURL_HTTP_VERSION_1_1);
	curl_setopt($ch, CURLOPT_CUSTOMREQUEST,$customrequest);
	if(isset($data) && !empty($data))
	{
	$postFields = json_encode($data);
	curl_setopt($ch, CURLOPT_POSTFIELDS, $postFields);
	}
	curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); 
	$response = curl_exec($ch);

Do you mean only JWT allows you to access all API endpoints? Or that JWT does not expire?

For Server-to-Server OAuth, you can access all the endpoints with the correct scopes. As far as token expiry, Server-to-Server OAuth expires after 1 hour and you need to generate a new token unlike with JWT where you can set the expiration for as long as you want.

@gianni.zoom
We actually set JWT for longer expiration date and save it in DB and used the JWT token for all API calls.

So for Server-to-Server OAuth, Is it ok to set high-level scope for App and use it for all API end points?

Can you please provide me php code for create meeting API with Server-to-Server OAuth.

Yes this is okay.

Click on the code icon and scroll for PHP snippet: Postman

Thanks for the help. I’m successfully migrated from JWT to Server-to-Server OAuth.

1 Like