OAuth user authorization not working inside iframe?

I’m trying to do an integration with my webapp using OAuth Zoom API. Starting the OAuth flow to ‘install’ the app for the user and getting the auth code works just fine if I just use the ‘Install link’ I get on Manage app > Install.

The problem appears when I try to use the same URL in an iframe inside my website, where Zoom just redirects to a 400 Bad Request page.

This is required because I’m triggering the Zoom installation when the user is in the middle of a form on my webapp and I don’t want to redirect the user to the full Zoom website and then getting back and losing the form state I gathered. I wanted to do this via a modal window with an iframe inside.

Iframe code is very simple:
<iframe width="600" height="600" src="@URL"></iframe>

I’m on Chrome Version 80.0.3987.163

Is this simply not supported or am I doing something wrong?

Edit: so I managed to get something working using <iframe sandbox="allow-forms allow-scripts allow-same-origin" width="600" height="600" src="@URL"></iframe>. But if I click on ‘decline’ it tries to go to marketplace.zoom.us and then it says "marketplace.zoom.us refused to connect."

I don’t want to give ‘allow-top-navigation’ because I don’t want the user to leave my website and go to Zoom… any tips there?

Hey @lixoaqui,

The Zoom OAuth flow is intentionally unsupported in iFrames.

Why do you need this flow to be in an iFrame when there is a redirect URL that will redirect the user back to your site after they install the app?

Thanks,
Tommy

Thanks!

One of the places where I have a place to ‘connect to zoom’ is basically in the middle of my own form where they connect and then select a webinar. If I just redirect I lose whatever the user already typed on other form inputs. (I know about the state param but that is a lot of work for my use case).

With the sandbox options like I did it kinda works except if the user clicks ‘Decline’ Zoom tries to redirect to marketplace.zoom.us and that page refuses to work inside the iframe.

If I add the ‘allow-top-navigation’ to sandbox the Authorization page just breaks from the iframe.

Is this officially not supported? Are there any plans to support it?

Even the authorization page design seems to work quite well inside a modal window/iframe, it’s just that code of it ‘breaking out’ from iframe that prevents a kinda normal usage.

Using the state parameter it’s possible to develop this, I’m just trying to get an ‘official’ no before going into a route that gives me a lot more work :)

Hey @lixoaqui,

I would suggest redesigning the flow to save what the user has typed, or connect the Zoom account after / before they have typed.

There are no plans to support the OAuth flow in an iFrame. It must be done by navigating the user in the browser.

Yes, you could also use the state param. :)

Thanks,
Tommy

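The approach suggested in the replies above (save what the user typed, navigate at the top level, use the state param), as an added example that is not part of the original thread and not Zoom's code. It assumes the redirect URL receives `code` and the same `state` back, as in standard OAuth 2.0; `KEY_PREFIX`, `memoryStorage` and the function names are hypothetical.

```javascript
// Added example, not Zoom's or the poster's code. `storage` is any object with
// the Web Storage interface; in a browser pass window.sessionStorage.
const webCrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const KEY_PREFIX = "oauth_draft:"; // hypothetical storage key prefix

// Unguessable, single-use value that ties the callback to this browser tab.
function newState() {
  const bytes = webCrypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Save the half-filled form, then return the URL for a top-level navigation
// (window.location.assign(url)) instead of an iframe src.
function beginConnect(installUrl, formDraft, storage) {
  const state = newState();
  storage.setItem(KEY_PREFIX + state, JSON.stringify(formDraft));
  const url = new URL(installUrl);
  url.searchParams.set("state", state);
  return url.toString();
}

// Run on the redirect URL page. Returns { code, draft }, or null when the
// state is missing or unknown, i.e. this tab did not start the flow.
function finishConnect(callbackUrl, storage) {
  const params = new URL(callbackUrl).searchParams;
  const state = params.get("state");
  if (!state || !/^[0-9a-f]{32}$/.test(state)) return null;
  const saved = storage.getItem(KEY_PREFIX + state);
  if (saved === null) return null; // forged or replayed callback
  storage.removeItem(KEY_PREFIX + state); // state is single use
  return { code: params.get("code"), draft: JSON.parse(saved) };
}

// In-memory stand-in for sessionStorage so the example runs outside a browser.
function memoryStorage() {
  const items = new Map();
  return {
    setItem: (k, v) => void items.set(k, String(v)),
    getItem: (k) => (items.has(k) ? items.get(k) : null),
    removeItem: (k) => void items.delete(k),
  };
}
```

Because the random `state` doubles as the lookup key, a callback that this tab did not start finds no draft and is rejected, which is the CSRF check `state` exists for. Keep secrets out of the saved draft, since sessionStorage is readable by any script on the origin.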