Oauth authorization grant reusability?

Q: Is the Oauth authorization grant reusable?

As in: If we make a “generic” user, go through an authorization, and capture the auth grant, can it be used to request a token more than once?

I’m trying to determine how to best proceed with a complicated situation.

I was hoping to avoid any need for a datastore, and use the same credentials for all invocations. If we can get a new access token for each invocation, then that should be easy.

Just how bad an idea is this?

(Worst case, we would need to store the access token, the renewal token, and the expiration time. I was hoping to keep things fairly easy :frowning:

Background: I’m trying to build a small script (think Lambda or Function) with an input of a Jira ticket key, that creates a meeting, publishes the URL to slack & to the ticket. In theory, fairly easy.

I don’t want / need access to the entire admin scope for APIs. The JWT credentials at a large enterprise company are not handed out easily, and they are reluctant to let small teams use them, given how much they can access and modify.

I actually have the dev env JWT credentials, and have made the script work by creating a JWT token w/o issue, but now have to pivot to OAuth for any timely completion timeframe.

Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth

**** Plea:
Please, developers of Zoom : There are backend processes that do not need admin scope. There are more than one app that runs in the backend per company. Look at Slack’s integrations, and their “bot” user type, which can access the normal APIs with varying scopes!

Hey @matthew.h.barr,

When implementing OAuth, you won’t need to store the authorization code—this can be a one-time action. Rather, you should store the current access tokens and the refresh tokens for the user. When the access token expires, use the current refresh token to request a new access token.

Let me know if this helps to clarify,
Will