Hi,
When Zoom sends back the authorization code to the caller(redirect_uri), can it send the user data who have authorized the app? At present, it just sends the code(UUID) and there is no user information(just user ID) to correlate(or validate) to our application user session.
Thanks,
smsivanesan
Hey @sivanesan.murugesan, great question and thanks for using Zoom!
Once you receive the code, use it to request an access_token.
Once you have the access_token, JWT decode it to get information like the userID.
Thanks,
Tommy
Thanks Tommy for your response. Yes. I did decoded as you suggested. But it is showing me like a “UUID” value rather a user login ID or user’s email. Am I missing anything here?
Hey @sivanesan.murugesan, happy to help! 
When you JWT Decode an access token, It should look like this:
Notice on the left the userID
Let me know if this helps.
Thanks,
Tommy
Hi Tommy, Yes. I saw it. But my question was. it shows like a UUID and not as an actual user login ID or email. We wanted to map it to our application user session.
Hey @sivanesan.murugesan I see!
You can use the userId in the JWT decoded object to make a request to GET /users/{userId} which has the email in the response.
Thanks,
Tommy
Hi Tommy, Great. Thanks. This helps.
1 Like
You are welcome!
Thanks,
Tommy
UPDATE:
Zoom does not recommend getting information from the access token by JWT Decoding it because the structure could change anytime. Do not rely on JWT Decoding the access token.
Use the Get User API with the me context to get information about the owner of the access token.
Thanks,
Tommy