Description
I have an OAuth connector set up on a web-server that reliably creates meetings for a handful of colleague’s zoom users (via the Zoom API) where I was previously able to complete authorization grants and establish OAuth tokens. The last time we successfully did this was June 22nd, but now the authorization grant process no longer works, although the established OAuth tokens still work perfectly. I don’t know whether this is due to tightened security or publication status of my connector. The connector is in an unpublished state and has both development and production client IDs and secrets. The user the connector was created under is not a full developer, to the best of my knowledge.
I don’t believe it’s appropriate to expose the app to the entire world, but I do need to allow more colleagues in my department to complete authorization grants.
Any thoughts on how to pursue this?
Error
“You cannot authorize the app / This app cannot be installed outside of the developer’s account.”
(prior to redirecting back to my webserver)
Which App Type (OAuth / Chatbot / JWT / Webhook)?
This is an OAuth app, associated with a user without full developer roles, ttbomk.
The zoom user is part of the same organization, and I confirmed with our Zoom admin that my user with the connector has some sort of developer role. There was some re-organization of the account, and this user was moved out of a sub-account in the past month with all of the others. From the account admin: “Good call, I’ve moved that account into a developer-enabled role now as it had been placed into the Member role during migration”.
I just tried testing the authorization grant process again, and it still fails - even when I do it for myself.
I wondered about the shareable beta url mechanism myself. I don’t see any indication on marketplace.zoom.us that we did, but not sure if there’s a good indicator for whether we made a choice or not.
Is there a specific developer role that’s needed for this connector to work? And what exactly does “outside of the account” mean?
Ah interesting. Did the account that the app was created get transferred or merged into another account? If so we will have to fix the app on our end. This is a known edge case.
Glad this falls under a known edge-case!
It’s an OAuth app called “AWCIM Web App Connector” and is now part of the arizona.zoom.us domain. (the user is azcim-webapp)
When I look at the /user#/ endpoint I see the users under the account that we would want to receive authorization grants from, so I don’t think we need to publish after all.
Before getting started on the new connector, can you confirm one way or another whether meetings set up through the old connector would be still valid once the new connector was in place? And also if we need to deactivate the old connector for the new one to function properly. (The old connection still works for existing token refreshes), so we’d want to be able to fall back to it if the new connector doesn’t fix the issue.