How to authorize a Zoom OAuth app for an entire organization

Description
I’m building a website where multiple users can sign up under a single organization account. I want these users to be able to create Zoom meetings on behalf of their organization.

Let’s assume we have multiple Zoom users belonging to a single Zoom account who create an organization on my website. What is the best way of authorizing the organization with my Zoom OAuth integration so that every user in the organization can create meetings?

Currently, I have a “Connect Zoom” button that appears in the organization’s settings. When one user belonging to an organization connects their Zoom account, every other user in the organization is then able to create meetings using the original user’s OAuth credentials. Is this the recommended way to handle this use case? If so, what would be the best way to handle the authorized user leaving their organization?

Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth

Hi @A48,

If you wish to authorize an entire Zoom account to have access/utilize your integration, the supported method of doing so programmatically would be to create an Account-Level OAuth App:

When you create an account-level OAuth app, you allow account owners and admins to authorize your app/access on behalf of all users on their account.

Let me know if this helps,
Will

Thanks Will! If the Zoom user who authorized our app is deleted, what happens to their access and refresh tokens (stored in our database)? Do they become invalid and require a new user from the account to re-authorize?

Hi @A48,

Good question—if the user who initially authorized the app is deleted, I do believe the app will remain authorized, as that user was authorized at the time of initial installation. This should not require a new user to re-authorize.

Thanks,
Will

When I decode the access token, I see a “uid” field containing the user id of the user who originally authorized the app. If this user is deleted, it seems to me this token could potentially be understood by Zoom as invalid because this “uid” field now references a deleted user. Could you please verify the token would remain valid?

Thanks @will.zoom - really appreciate the support!

Hi @A48,

I can confirm that the token of the user who originally installed the app and the app authorization on behalf of an account will remain valid even if the original user who installed it is deleted. This ensures that any existing subscribers to the app will not be affected by the deletion of the original user who installed the account-level app.

Let me know if you have any other questions about this!

Best,
Will
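
An added example (not code from the posters or from Zoom) of the bookkeeping this thread discusses: the connection is stored per organization, the authorizing user's "uid" is read from the token payload for audit, and a decision is returned when that user is removed. The three-segment token layout, all class and function names, the sample token, and the policy of requiring re-authorization for a user-level connection are assumptions of this example.

```python
import base64
import json
from dataclasses import dataclass


def unverified_claims(access_token: str) -> dict:
    """Decode a token's payload segment WITHOUT verifying the signature.
    Bookkeeping only: never base an authorization decision on the result."""
    parts = access_token.split(".")
    if len(parts) != 3:  # assumption: header.payload.signature layout
        raise ValueError("token is not in header.payload.signature form")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("token payload is not a JSON object")
    return claims


def constructed_token(uid: str) -> str:
    """Constructed sample, not a real Zoom token; only 'uid' is modelled."""
    def seg(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{seg({'typ': 'sample'})}.{seg({'uid': uid})}.placeholder-signature"


@dataclass
class OrgZoomConnection:
    """Hypothetical per-organization record; tokens belong to the org row."""
    org_id: str
    account_level: bool  # True: installed by an owner/admin for the whole account
    access_token: str
    refresh_token: str
    authorizer_uid: str = ""

    def __post_init__(self):
        # Keep the authorizing user's id for audit, not for access control.
        self.authorizer_uid = unverified_claims(self.access_token).get("uid", "")

    def on_user_removed(self, zoom_uid: str) -> str:
        if zoom_uid != self.authorizer_uid:
            return "unaffected"
        # Account-level: the thread says the authorization stays valid.
        # User-level: assumed policy, stop acting with a departed user's tokens.
        return "keep" if self.account_level else "reauthorize"
```
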
