Missing scope when creating JWT application

heidi.zh.n · June 3, 2020, 10:40pm

Hello!

When I create an OAuth App, there is “Scope” setting to control what the app can access and do. See the attachment.
Screen Shot 2020-06-03 at 3.31.24 PM

When I create a JWT app, there is no such setting for JWT app. See the screenshot. I wonder why this setting is missing from JWT app. It is kind of security concern that a JWT app can do anything without way to constrain it.
Screen Shot 2020-06-03 at 3.30.10 PM

heidi.zh.n · June 5, 2020, 4:16pm

Hello! Zoom team,

Can you help me on this?

heidi.zh.n · June 8, 2020, 3:35pm

NVM.

I close this post since it seems that it is a feature that JWT doesn’t have scope.

michael.zoom · June 11, 2020, 4:15pm

Hi @heidi.zh.n, this is correct - JWT apps do not have restricted scopes. These apps are not tied to users, and are account-level credentials with access to any user on the account.

Topic		Replies	Views
JWT application App Marketplace	9	1703	August 10, 2020
JWT specific access API and Webhooks	2	333	January 2, 2021
oAuth App Scopes API and Webhooks	4	838	April 21, 2022
Can an API app be set to read-only? API and Webhooks	2	301	September 3, 2021
OAuth Scopes Required when publish app API and Webhooks	4	840	October 22, 2020

Missing scope when creating JWT application

Related Topics