OAuth Redirect Issues

OAuth for user authorized apps

Since JWT is being deprecated, I have been tasked with building an OAuth app to use in our system. We use the app to allow our clients in their own instances to manage their Zoom meetings; because of this, there is a potentially infinite number of custom domains/subdomains that they could use. Ignoring the manual work of having someone go in and add each one of our clients' domains (tens of thousands), I want to use the wildcard in the whitelist to accomplish this. Currently there are two major issues I have run into.

  1. Our need is to have any number of clients with any number of completely unique domains and subdomains authorize their accounts through this app. I need a way to “whitelist” literally any domain that exists. This is not a nice to have, this is a must have.
  2. With the redirect, I whitelisted my development environment's URL to test, and it seems that the redirect trims off some necessary URI parameters from the provided URL. This is also a blocker.

Hi @Isaiah ,

Thank you for being a part of the Zoom Developer community!

This doesn’t sound possible at this time given that our security best practices and policy limit the auth to domains that are designated on the allow list. “Any number” is too arbitrary to work with our current logic.

In order for your clients to authorize their accounts through this app, the redirect URLs on the OAuth allow list would need to have the same base domain:

What could help support this is limiting the install of your app by providing a “visit site to install” link. There, you could authenticate your clients accordingly and allow them access to an authorization proxy (that satisfies the OAuth allow list requirements) to install the app.

Can you please provide screenshots? I am not able to reproduce this.
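As an added illustration of the authorization-proxy idea in the reply above (not code from Zoom or from anyone in this thread): the proxy keeps one fixed redirect URI on the allow list and carries each tenant's full return URL, query parameters included, inside a signed OAuth 2.0 `state` value. The key, the tenant registry, the ten-minute lifetime and all function names are assumptions made for the example, as is the authorization server returning `state` unchanged.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import urlsplit

SECRET = b"constructed-demo-key"  # assumption: load from a secret store in practice
TENANT_HOSTS = {"meetings.client-a.example", "zoom.client-b.example"}  # constructed
MAX_AGE = 600  # seconds a pending authorization stays valid (assumed value)

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def check_return_url(url):
    """Accept only https URLs whose exact host is a registered tenant."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname not in TENANT_HOSTS:
        raise ValueError("return URL is not a registered tenant origin")
    return url

def make_state(return_url, now=None):
    """Start of the flow: bind the tenant's full return URL into `state`."""
    issued = int(time.time() if now is None else now)
    payload = json.dumps({"u": check_return_url(return_url), "t": issued}).encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return b64e(payload) + "." + b64e(sig)

def verify_state(state, now=None):
    """On the one allow-listed redirect URI: return the URL to send the user to."""
    body, sig = state.split(".")  # raises ValueError if the shape is wrong
    payload = b64d(body)
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64d(sig)):
        raise ValueError("state signature mismatch")
    data = json.loads(payload)
    current = time.time() if now is None else now
    if current - data["t"] > MAX_AGE:
        raise ValueError("state expired")
    # Re-check the host in case the tenant was removed after the flow started.
    return check_return_url(data["u"])
```

The host comparison is an exact match against the registry, so look-alike hosts and `user@host` tricks are rejected rather than pattern-matched.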

Gianni,
I have found some potential routes around the above-mentioned issues. But I do have another question. Currently with JWT our clients can connect their accounts and then create a meeting; when creating the meeting they are able to choose who the host of the meeting is from the users in their Zoom account. Is there a way to do this with OAuth? I selected a user-based app rather than an admin-based one because we will have many users accessing and using the integration. But we do need to have them select who will host.

Hi @Isaiah ,

Yes, but only if you enable the scopes on the app that allow your app meeting creation privileges and that the users who install your app have those same permissions. For user-managed apps, users “have access to Zoom APIs that manage an individual user’s content.” In most instances, unless users have the permissions to create meetings on behalf of others where they can assign them as a host (typically developer or admin permission), they will not be able to do what you’ve described.

Thank you,
To clarify, with the user scope they can do this, but the user who authenticates has to have the permissions themselves?

Hi @Isaiah ,

Yes exactly.

Thank you Gianni,
I built it to accommodate that and they only can view themselves in testing. That should work.


Okay great to hear! Thanks!