Though this guide is for S2S OAuth, the foundational principles apply and can give you some inspiration on how to handle token expiration in your app’s architecture: Server-to-Server OAuth and scaling token management
We have integrated Salesforce with our Zoom Enterprise Org, handling sub-accounts as well. Currently, we use a General App (User-managed OAuth), which allows us to:
Match the logged-in Salesforce user with their Zoom account (via email and Zoom phone number, example: 863) to start meetings and calls on their behalf.
Fetch recordings for all users using Parent Account credentials.
The Issue: The Refresh Token for the General App expires every 90 days, requiring manual re-authorization in Salesforce.
Why we are not using Server-to-Server (S2S) OAuth: We attempted to use S2S OAuth, but we faced limitations when trying to initiate calls/meetings, specifically on behalf of the logged-in user with the correct context. Therefore, we reverted to the General App.
Question: Is there a way to automate the token renewal process or a specific configuration within Salesforce/Zoom that prevents the need for manual re-authorization every 90 days, while retaining the ability to start meetings as a specific user?
While refresh tokens expire every 90 days, each time you refresh an access token, you get an updated refresh token in the response. Zoom best practice is that you should always use the latest refresh token for the next refresh request, as this also advances the expiry. This means if the user is actively using the app, you wouldn’t really have a need for manual re-authorization. This would only really happen if, say, the user uses the app and then doesn’t use it again for 90+ days, thereby requiring re-auth.
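As an added example (not code from the thread or from Zoom/Salesforce), a minimal Python refresh routine that applies the rotation rule the reply describes: persist the refresh token returned by each refresh before anything else uses it, and refresh proactively while the access token is still valid so the 90-day window keeps advancing. The Zoom token endpoint, Basic-auth header and `grant_type=refresh_token` form fields are the standard OAuth refresh call; the in-memory store and the injectable `post` function are assumptions so the code runs offline.

```python
import base64
import time
from dataclasses import dataclass

ZOOM_TOKEN_URL = "https://zoom.us/oauth/token"  # Zoom OAuth token endpoint


@dataclass
class TokenSet:
    access_token: str
    refresh_token: str
    expires_at: float  # epoch seconds at which the access token expires


class MemoryStore:
    """Assumed persistence layer; replace with your app's protected storage."""

    def __init__(self, tokens):
        self._tokens = tokens

    def load(self):
        return self._tokens

    def save(self, tokens):
        self._tokens = tokens


def basic_auth_header(client_id, client_secret):
    # Zoom expects the app's client credentials as HTTP Basic auth on refresh
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def refresh_tokens(store, client_id, client_secret, post, now=time.time):
    """Exchange the stored refresh token and persist the rotated one at once."""
    current = store.load()
    resp = post(
        ZOOM_TOKEN_URL,
        headers={"Authorization": basic_auth_header(client_id, client_secret),
                 "Content-Type": "application/x-www-form-urlencoded"},
        data={"grant_type": "refresh_token", "refresh_token": current.refresh_token},
    )
    if "refresh_token" not in resp or "access_token" not in resp:
        raise RuntimeError("refresh failed; the user must re-authorize")
    # The old refresh token is now stale: save the new one before any other use
    rotated = TokenSet(resp["access_token"], resp["refresh_token"],
                       now() + float(resp["expires_in"]))
    store.save(rotated)
    return rotated


def get_access_token(store, client_id, client_secret, post, now=time.time, margin=300):
    """Return a usable access token, refreshing `margin` seconds ahead of expiry."""
    tokens = store.load()
    if tokens.expires_at - now() > margin:
        return tokens.access_token
    return refresh_tokens(store, client_id, client_secret, post, now).access_token
```

A scheduled job that calls `get_access_token` well inside the 90-day window keeps the stored refresh token current even for users who have not opened the integration recently.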