Can we be certain that the email address we receive from the v2/users/me endpoint is actually owned by the user? IE could this endpoint ever be called on a user who has created a zoom account for that email address but not yet confirmed their email?
I thought that maybe the “verified” attribute of the user determined this, but for someone who logs into their Zoom account via Google, the api said that verified was 0 for that user. So should we be checking if verified is true OR login_type = [Facebook, Google, SSO]?
What exactly does “verified” mean?
Which App Type (OAuth / Chatbot / JWT / Webhook)?