Migration from JWT App

You can keep both JWT and Server-to-Server OAuth app types running concurrently. My organization created a separate Server-to-Server OAuth app, replaced the authentication implementation, and we could switch back and forth between the two application identities during staging and production testing. We then deactivated the JWT application on Zoom’s side once we were confident.

Server-to-Server OAuth is probably the best substitute for a JWT app because you don’t need each user to specifically grant permission to the app before use, which would have to happen for OAuth. Your administrator just needs to install the application once upfront.

Please note that OAuth tokens expire regularly (unlike JWT credentials) and refreshing them will immediately invalidate previous tokens, so you probably want to implement key rotation to maintain high availability, especially since you have multiple environments.

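One way to handle the token expiry described in the post above, as an added example that is not part of the original post or any Zoom code: a thread-safe cache that reuses one token until shortly before it expires, so a process requests a new token only when it has to. `TokenCache`, `fetch_token` and the 60-second margin are assumptions; `fetch_token` stands in for the request to the token endpoint.

```python
import threading
import time


class TokenCache:
    """Reuses one access token and renews it shortly before it expires."""

    def __init__(self, fetch_token, skew_seconds=60, clock=time.monotonic):
        # fetch_token is a hypothetical callable returning
        # (access_token, expires_in_seconds); a real client would have it
        # call the provider's token endpoint.
        self._fetch_token = fetch_token
        self._skew = skew_seconds
        self._clock = clock
        self._lock = threading.Lock()
        self._state = (None, 0.0)  # (token, expiry on the clock's scale)

    def _valid_token(self):
        token, expires_at = self._state  # single read of the shared tuple
        if token is not None and self._clock() < expires_at - self._skew:
            return token
        return None

    def get(self):
        token = self._valid_token()
        if token is not None:
            return token
        with self._lock:
            # Re-check under the lock: another thread may have renewed already,
            # and a second request would be redundant.
            token = self._valid_token()
            if token is None:
                token, expires_in = self._fetch_token()
                self._state = (token, self._clock() + expires_in)
            return token

    def invalidate(self, rejected_token):
        # Call when the API rejects a token (for example with HTTP 401). The
        # cache is cleared only if it still holds that token, so a late
        # rejection of an old token cannot discard a newer one.
        with self._lock:
            if self._state[0] == rejected_token:
                self._state = (None, 0.0)
```

This covers callers inside one process; separate environments or hosts would need a shared store or separate app credentials to get the same effect.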