Server to Server Authentication Missing Scopes

Scopes Missing for Server to Server Authentication
Description

When creating a new server to server authentication, the scopes meeting:write:meeting:admin are not available to be selected. This is a result of permissions for sure; however, our security team is cautious about giving developers admin permissions, similar to some other posts (which your site will not let me link :frowning: ).

What are the minimum necessary permissions for the application to create a meeting?

Security is concerned about providing these permissions:
Account Management: Account Profile

Account Management: Account Settings

User and Perm Management: Users

“Missing scopes in server-to-server authentication usually mean the required permissions weren’t set correctly during configuration. Double-check the scope values in your API settings and ensure they align with what the application is requesting. I also share useful guides and creative resources on my app”

Correct. We are wanting to identify the exact required permissions for meeting:write to display in the Scopes option

Hi @Smwest87
Thanks for reaching out to us!
To be able to add the meeting:write:meeting:admin scope in a Server to Server OAuth app, your developer role should have at least the Users permission settings enabled to view and edit.

Hi @elisa.zoom!
So for an application to be able to create a meeting, the user account needs to be able to edit user information? All we’re trying to do is have an integration create a meeting so I’m not sure why admin scopes are required for that.

Yes @Ryan15
This is because a Server to Server OAuth app is an account Admin level app.
You could work with a General OAuth app to have more granularity.

Hey Elisa,

The simplicity of Server to Server authentication is the main reason we leaned towards it. Having to create an OAuth flow to handle our use case seemed like a large lift compared to calling for an access token and using it. General apps can only use the OAuth flow, is that correct?

You are correct, General apps can only use the OAuth flow.
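
Added example, not code from any poster in this thread or from Zoom: because a Server to Server OAuth app is account-admin level, a deployment check can compare the scopes in the token response against the one scope the integration is meant to hold. Assumptions: the token endpoint and `account_credentials` grant are those in Zoom's Server-to-Server OAuth documentation, the `scope` field is a space-delimited string, and the sample responses and the `placeholder:extra:scope:admin` name are constructed.

```python
import base64
import urllib.parse

# Token endpoint for the account_credentials grant (from Zoom's docs, not this thread).
TOKEN_URL = "https://zoom.us/oauth/token"

# Assumption: the integration only creates meetings, so it should hold this scope alone.
EXPECTED_SCOPES = {"meeting:write:meeting:admin"}

# Constructed token responses for illustration; the token values are placeholders.
SAMPLE_OK = {"access_token": "PLACEHOLDER", "token_type": "bearer",
             "expires_in": 3600, "scope": "meeting:write:meeting:admin"}
SAMPLE_WIDE = {"access_token": "PLACEHOLDER", "token_type": "bearer",
               "expires_in": 3600,
               "scope": "meeting:write:meeting:admin placeholder:extra:scope:admin"}


def build_token_request(account_id, client_id, client_secret):
    """Return (url, headers) for the token call; nothing is sent over the network."""
    query = urllib.parse.urlencode(
        {"grant_type": "account_credentials", "account_id": account_id}
    )
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return f"{TOKEN_URL}?{query}", {"Authorization": f"Basic {basic}"}


def audit_scopes(token_response, expected=EXPECTED_SCOPES):
    """Compare granted scopes with the expected set and list admin-level ones."""
    granted = set(token_response.get("scope", "").split())
    return {
        "missing": sorted(expected - granted),
        "unexpected": sorted(granted - expected),
        "admin_level": sorted(s for s in granted if s.endswith(":admin")),
        "ok": granted == expected,
    }


if __name__ == "__main__":
    for name, resp in (("ok", SAMPLE_OK), ("wide", SAMPLE_WIDE)):
        print(name, audit_scopes(resp))
```

Running the audit after each credential rotation or scope change catches an app that has picked up more than the single scope it needs.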