Here https://marketplace.zoom.us/docs/guides/auth/jwt/ it says:
Note: JWT may only be used for internal applications and processes. All apps created for third-party usage must use our OAuth app type.
Why? What is wrong with using this in my web application for my external end-users?
A JWT application can only perform activities on behalf of users that are part of your account. It won’t have access to user information for anyone else. Maybe that’s sufficient for your purposes, like adding an end user’s email address (that they provided directly to you, not to Zoom) as a panelist or attendee to a webinar that one of your Zoom account’s users will host.
That said, JWT apps are scheduled to stop working in June 2023; you should build or migrate to a Server-to-Server OAuth application instead.