JWT Authentication not recommended for 3rd Party Applications

simrankaurbal.khokk · April 13, 2021, 3:26pm

Using this template helps us debug your issues more effectively

Description
As per the documentation available at https://marketplace.zoom.us/docs/guides/auth/jwt there is a note stating that " All apps created for third-party usage must use our OAuth app type.".
What are the reasons for not using the JWT authentication mechanism for the 3rd party integration?
Also I did find documentation available for Azure and PingFederate integrations with zoom which use the JWT Authentication mechanism.

Which App Type (OAuth / Chatbot / JWT / Webhook)?
JWT

Which Endpoint/s?
User APIs

will.zoom · April 14, 2021, 2:16pm

Hi @simrankaurbal.khokk,

JWT authentication is intended for server-to-server integrations, as JWT apps are account-wide and can’t be accessed outside of the account they’re created under.

We require OAuth for integrations where you’ll need to access/manage external Zoom accounts—these apps must follow our submission process and be published publicly on our Marketplace so that users can understand what app and permissions they’re authorizing when leveraging your integration.

Let me know if this helps to clarify,
Will

Topic		Replies	Views
JWT Apps Security Concerns API and Webhooks	2	337	February 13, 2024
Can I integrate OAUTH with an existing JWT app? API and Webhooks	4	590	March 25, 2021
Automated Authorization from a third party app API and Webhooks	2	659	November 15, 2021
JWT app migration if using a third party app - Jumpcloud Zoom Apps jwt	1	477	August 28, 2023
Question about architecture using JWT for integration within a platform API and Webhooks	10	1288	August 21, 2020

JWT Authentication not recommended for 3rd Party Applications

Using this template helps us debug your issues more effectively

Related topics