How to choose JWT or OAuth authentication for webinar

Description

Hi, I am new to the zoom integration, and after going through the document of authentication methods I am still confused. So our company is trying to integrate zoom webinar to our webapp using SDK and zoom api, and the use case will be allowing some users to create a webinar and other users can join the webinar on our website. So in this case, which authentication method I should use. Or it does not matter? I am trying to use jwt, and seems like it is working.

Also, speak of webinar, another related question is whether the host can use sdk or api to start the webinar on our platform? Or they have to use the start_url (I did some research and noticed someone mentioned this), which means the host cannot use our webapp to start the webinar, not like attendees joining the webinar/meeting.

Thanks so much, and sorry for the messed up question. Hope this makes sense.

Best,
Harrison

1 Like

Hey @webinar, thanks for posting and using Zoom!

Are the users who are creating the Webinar apart of your Zoom account, or are they external Zoom users? If the hosts of the webinars are all on your Zoom account, then you can use JWT.

OAuth is for making actions (like creating webinars) on behalf of users outside your Zoom account.

The Web SDK also uses JWT to generate a the meeting / webinar signature.

Currently starting a webinar via the Web SDK is not supported. To start the webinar, have the host navigate to the start_url.

Let me know if that answers your questions, or if you have additional questions. :slight_smile:

Thanks,
Tommy

Thanks so much Tommy! I have been searching these for a long time. And eventually I guess asking a question here is a good idea. Maybe I missed some part of the document. Sorry for the stupid question.

So, my current implementation is: we have one account with webinar feature add-on, and I just use that account api key and api secret in our webapp. So our users can all login to our webapp and schedule a webinar, right? But those webinars will all actually be created under that one zoom account, right?

And, I also used the sample app as reference to integrate the joining meeting feature to our webapp, and I still use that same zoom account. So when attendees log into our webapp, they can all join the meetings. So is it a correct implementation? Or I have to use OAuth?

So, I am not sure if this scenario is considered as “on behalf on users”. So all users use our webapp to schedule webinar and join webinar. So please help me understand. Thanks so much. I hope I made the question clear. Thanks so much.

Best,
Harrison

Hey @webinar, no such thing as a stupid question! :slight_smile:

Are your users who are logging in, also users under your Zoom account? If so, your flow is possible.

Correct. You will not have to use OAuth for joining meetings via the Web SDK.

Thanks,
Tommy

Thanks so so much Tommy. So I think I got the second question clear, but the first one I may ask more questions. So, when I say “users log into our webapp”, that mean just our webapp account, not zoom account and they may not even have zoom account. So, let me ask in this way: we have an zoom account A, and I used A’s api key and api secret in our webapp, then can our users log in our webapp and create webinars? For my understanding, they can create webinars but those webinars are all under account A, right? Which means the hosts are all account A? And can those webinars start at the same time and have different attendee? Hope these questions make more sense. Thanks so much!

Best,
Harrison

Hey @webinar, happy to help! :slight_smile:

Correct.

Correct.

Correct.

Hosts cannot run multiple webinars at the same time. If you want multiple meetings at the same time, then you’d need multiple hosts.

Does that clear things up?

Thanks,
Tommy

Yes Yes, this is perfect Tommy. Thanks so much.

So, when you say multiple hosts, you means multiple account with webinar add-on, right?

Also, I guess this is the last question. So, since right now the sdk does not support starting webinar, user needs to use either browser open start_url, or use client to start webinar, right? And both of the methods requires logging in our zoom account A, right? Then is there any way that we can allow user not to log in as zoom account, but just log in to our webapp and start webinar there? Hope this make sense.

Thanks so much.

Best,
Harrison

1 Like

Hey @webinar, you are welcome! :slight_smile:

Correct.

Correct.

This is possible with the start url, which has a token attached to it. It will open the Zoom App, without the user having to sign in.

Screen Shot 2020-02-27 at 1.42.12 PM

https://marketplace.zoom.us/docs/api-reference/zoom-api/webinars/webinarcreate#responses

Thanks,
Tommy

Thanks so much for your answer. DId not expect you reply such quick.

So I tried the start_url, and seems like anyone with the link can start the webinar as host, right? No login needed. That is really convenient! Then one more quick question for now, so since the expiration time for the start_url is 90 days, when does it start count? Start from the creation date? So if I schedule a webinar for 90 days later, I will have to retrieve a new start_url before that webinar starts, right? Thanks.

Best,
Harrison

1 Like

Hey @webinar, you are welcome! :slight_smile:

Correct! :slight_smile:

Correct. Due note the difference between regular users, and custCreate users. I belive you are using regular Zoom users so the expiration is actually 2 hours, not 90 days. Once it becomes within 2 hours of your webinar, you can simply to a GET /webinars/{webinarId} request to get the updated start_url. :slight_smile:

Thanks,
Tommy

Got it, thanks, I got the idea. So I put the start_url in a button, and I think I can retrieve the updated start_url every time the user click the button, right? That will keep the url updated.

Thanks so much! I think I got all the questions answered for now! Thanks so much! Have a good one.

Best,
Harrison

1 Like

Hey @webinar,

Exactly, that would be a great implementation! :slight_smile:

You are welcome! Have a good weekend!

Thanks,
Tommy

Hi Tommy,

I am sorry. Before I let you go, I just got a new question. So I as the webinar host to start a webinar, and the user use the sdk to join the webinar as attendee. I was trying to promote the attendee to panelist, but the user just leave the meeting and cannot join back. I know if the user zoom client app, he will rejoin as panelist automatically, but for the sdk, he just leave. And also he cannot join back. I guess he need to use the panelist join_url to join back since he is panelist now, but how to do it automatically? Also when change panelist back to attendee. I hope you got the question. Thanks so much.

Best,
Harrison

Hey @webinar,

Unfortunately at this time promoting an attendee to a panelist is not supported.

Thanks,
Tommy

Thanks so much Tommy,

Then is there any way to disable the option from host’s side? Thanks.

Best,
Harrison

1 Like

Hey @webinar,

What are you looking to disable? The promote an attendee button?

Thanks,
Tommy

Hi Tommy,

How are you? And yes, the option to promote attendee to panelist and also the option to move panelist back to attendee. I mean, if the “promote attendee to panelist” is not currently support by sdk, it will make the integration weird. So if the host promote an attendee, the attendee will be kicked out of webinar and cannot join again.

And also, I noticed one thing, so when using desktop client, if a host “remove” a panelist, the panelist will be kicked out of webinar, there will be a message said the panelist will not be able to join back in. But actually if use the panelist join_url, the panelist can still join back. Not sure if I did anything wrong on that. Hope this question makes sense. Thanks so much!!

Best,
Harrison

Hey @webinar,

That is strange, we will look into this.

Thanks,
Tommy

Thanks so much. Maybe that is because I did something wrong.

And still, is there any way to disable the “promote to panelist” option? Thanks.

Best,
Harrison

Hey @webinar,

Can you provide exact steps to reproduce this issue, including the devices?

Also please include if the host is using the Web SDK or Zoom App, and if the participants who are getting kicked out are using the Zoom Web SDK or Zoom App.

Thanks,
Tommy