OAuth Authorize breaks out of frame

I feel like a few weeks ago this did not attempt to break frames.

We are using the WebSDK because we want to keep our clients within our application environment. The idea is that when they elect to leave the meeting, they are back to where they were in our environment instantly, without having to navigate windows.

We load this in a frame so that authentication does not take them out of our application. We then also load the Web UI in the same frame because many of the JS libraries required conflict with our application.

I also noticed that when clicking to Leave Meeting, the frame is again broken and takes the user to a Zoom URL, which also takes them out of our application.

There are dev solutions I can hack to get around all the noise in the process, but a solution from the source is always better.

What is the purpose behind the frame breaks, and what is a suggested workflow that is not cumbersome for our clients?


Which App Type (OAuth / Chatbot / JWT / Webhook)?

Which Endpoint/s?

How To Reproduce (If applicable)

Screenshots (If applicable)

Additional context

In attempting to move to new window instead of iframe, I receive this error on initial authentication:

Invalid redirect: https://azdt-kwilliams2/st2022/resources/WebMeet/Resources/WebMeetAPI_AuthZoom.html (4,700)

This is my OAuth App API redirect URL:


This did work last week, 4/22/2020

Hey @kmwill23,

Make sure your redirect url is a valid url.

Also make sure your redirect url in your OAuth requests matches with your redirect and whitelist urls in the Zoom App Marketplace settings.


Hello Tommy!

I did find that whitelist solution from another topic. Seems like it would make sense for this redirect url to be automatically whitelisted. As I mentioned above, this was not a requirement on April 22nd.

You didn’t respond to my original question about frame breaking in the original topic. Any feedback?

Hey @kmwill23, please pardon the delay in our responses right now.

We don’t support the use of iframes to view Zoom auth pages or meetings; there are just too many contingencies where this could break for us to be able to support.

You are however able to pass the user’s state info on the end of the Redirect URL. This will bring the user back to the application with the needed context.