OAuth user authorization not working inside iframe?

I’m trying to do an integration with my webapp using OAuth zoom API. Starting the Oauth flow to ‘install’ the app for the user and getting the auth code works just fine if I just the ‘Install link’ I get on Manage app > Install.

The problem appears when I try to use the same URL in an iframe inside my website, where zoom just redirects to a 400 Bad Request page.

This is required because I’m triggering the Zoom installation when the user is in the middle of a form on my webapp and I don’t want to redirect the user to the full Zoom website and then getting back and losing the form state I gathered. I wanted to do this via a modal window with an iframe inside.

Iframe code is very simple:
<iframe width="600" height="600" src="@URL"></iframe>

I’m on Chrome Version 80.0.3987.163

Is this simply not supported or I’m doing something wrong?

Edit: so I managed to get something working using <iframe sandbox="allow-forms allow-scripts allow-same-origin" width="600" height="600" src="@URL"></iframe>. But if I click on ‘decline’ it tries to go to marketplace.zoom.us and then it says " marketplace.zoom.us refused to connect."

I don’t want to give ‘allow-top-navigation’ because I don’t want the user to leave my website and go to zoom… any tips there?

Hey @lixoaqui,

The Zoom OAuth flow is intentionally unsupported in iFrames.

Why do you need this flow to be in an iFrame when there is a redirect URL that will redirect the user back to your site after the install the app?



One of the places where I have a place to ‘connect to zoom’ is basically in the middle of my own form where they connect and then select a webinar. If I just redirect I lose whatever the user already typed on other form inputs. (I know about the state param but that is a lot of work for my use case).

With the sandbox options like I did it kinda works except if the user clicks ‘Decline’ zoom tries to redirect to marketplace.zoom.us and that page refuses to work inside the iframe.

If I add the ‘allow-top-navigation’ to sandbox the Authorization page just breaks from the iframe.

Is this officially not supported? Are there any plans to support it?

Even the authorization page design seems to work quite well inside a modal window/iframe, it’s just that code of it ‘breaking out’ from iframe that prevents a kinda normal usage.

Using the state parameter it’s possible to develop this, I’m just trying to get an ‘official’ no before going into a route that gives me a lot more work :slight_smile:

Hey @lixoaqui,

I would suggest redesigning the flow to save what the user has typed, or connect the Zoom account after / before they have typed.

There are no plans to support the OAuth flow in an iFrame. It must be done by navigating the user in the browser.

Yes, you could also use the state param. :slight_smile:


1 Like