Only allow resources created by an OAuth app to be modified using the app

Description
Say a user authorizes an OAuth app with read and write permissions on Meetings. The OAuth app then creates a meeting on behalf of a user. Is there a way to prevent the user from updating/deleting the Meeting created by the OAuth app unless they do so through the OAuth app’s APIs?

Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth

Additional context
My OAuth app needs to create meetings for users. I need to store the Meeting Id in a database record and ensure that “Allow participants to join anytime” is always enabled for the meeting. Both of these values can be modified by users via the desktop client or Zoom portal. Is there some way to prevent these resources from being modified unless they are modified by my OAuth app?

Hey @kamronebrahimi,

Thank you for reaching out to the Zoom Developer Forum. While there isn’t a method to restrict what they can do with their account, you can use the Meeting Updated Webhook to listen for changes to the meeting and update your database accordingly.

I hope that helps! Let me know if you have any questions.

Thanks,
Max


@MaxM thank you for the information. As a quick follow-up question:

If my OAuth relies on the parameter “Allow participants to join anytime” to be disabled, would you recommend listening for meeting update events, upon receiving one validating that the updated meeting was created by my OAuth app (we store the Meeting uuid of created meetings in our database), and simply updating the meeting again to undo the change the user just made? Would something like this pass functional testing (https://marketplace.zoom.us/docs/guides/publishing/app-submission) by the Zoom team? Thank you again for your help!

Hey @kamronebrahimi,

Thank you for your question. I reached out to the team that handles app approvals and they mentioned that we don’t have a policy on our marketplace to prevent this but that the documentation for the app would need to include a disclaimer for end-users that the app will automatically revert changes made to meetings created through the OAuth app.

Let me know if that helps.

Thanks,
Max

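The listen, validate and revert flow discussed above, as an added example that is not part of the original thread and is not Zoom's or the poster's code. The payload field names (`event`, `payload.object.id`, `settings.join_before_host`), the meeting IDs and the in-memory set standing in for the app's database are assumptions; set `REQUIRED_SETTINGS` to whichever value your app enforces.

```python
# Added example. Field names below are assumptions about the webhook payload;
# check them against the current Zoom documentation before relying on them.

# Constructed stand-in for the app's database of meetings it created.
APP_CREATED_MEETING_IDS = {"85746065"}

# Desired state the app enforces ("always enabled" in the original question).
REQUIRED_SETTINGS = {"join_before_host": True}


def plan_revert(event, created_ids=APP_CREATED_MEETING_IDS,
                required=REQUIRED_SETTINGS):
    """Return (meeting_id, update_body) if the event shows drift, else None."""
    if event.get("event") != "meeting.updated":
        return None
    obj = (event.get("payload") or {}).get("object") or {}
    # IDs arrive as JSON numbers but are often stored as strings; normalise.
    meeting_id = str(obj.get("id", ""))
    if meeting_id not in created_ids:
        return None  # meeting was not created by this app: leave it alone
    changed = obj.get("settings") or {}
    # Compare against the desired state, not "anything changed". The app's own
    # corrective update also fires a meeting.updated event; because that event
    # already matches REQUIRED_SETTINGS it yields no drift, so no revert loop.
    drift = {k: want for k, want in required.items()
             if k in changed and changed[k] != want}
    if not drift:
        return None
    return meeting_id, {"settings": drift}


def sample_event(meeting_id, **settings):
    """Build a constructed sample event for the demo below."""
    obj = {"id": meeting_id}
    if settings:
        obj["settings"] = settings
    return {"event": "meeting.updated", "payload": {"object": obj}}


if __name__ == "__main__":
    samples = [
        sample_event(85746065, join_before_host=False),  # user disabled it
        sample_event(85746065, join_before_host=True),   # echo of our own fix
        sample_event(85746065, waiting_room=True),       # unrelated setting
        sample_event(11111111, join_before_host=False),  # not our meeting
    ]
    for s in samples:
        print(plan_revert(s))
```

The returned body is what the app would send in its own meeting update call; only the first sample produces one.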

@MaxM this is very helpful. Thank you for the detailed response.


Hey @kamronebrahimi,

I’m glad to hear that answered your questions! If you encounter any further issues or questions, please don’t hesitate to reach out.

Happy New Year!

Thanks,
Max
