Unable to access admin scopes for user management after JWT app deprecation - Server-to-Server OAuth implementation issues

Issue Summary

After the JWT app deprecation (June 1, 2023), I’m unable to implement user management features using Server-to-Server OAuth due to missing admin scopes in the Marketplace UI and deprecated API endpoints.

Technical Details

Environment

• App Type: Server-to-Server OAuth
• Account Type: Pro Plan with Admin privileges
• Implementation: REST API integration
• Region: US

Required Functionality

• c4: User List (GET /users)
• c5: User Create (POST /users)
• c6: User Deactivate (PATCH /users/{userId}/status)
• c7: User Reactivate (PATCH /users/{userId}/status)

Problems Encountered

Problem 1: Missing Admin Scopes in Marketplace UI

Required scopes not available for selection:

• user:read:list_users:admin (for user listing)
• user:write:user:admin (for user creation)

Currently available scopes:

• user:read:user (granted)
• user:update:user (granted)
• user:update:status (granted)

Problem 2: API Endpoint Returns 404

Endpoint: PATCH /users/{userId}/status
Response: {"code":2300,"message":"This API endpoint is not recognized."}

Even with user:update:status scope granted, the endpoint doesn’t exist.

API Test Results

User Creation Test

curl -X POST \
  -H "Authorization: Bearer [ACCESS_TOKEN]" \
  -H "Content-Type: application/json" \
  -d '{"action":"create","user_info":{"email":"test@example.com","type":2}}' \
  "https://api-us.zoom.us/v2/users"

Result: Invalid access token, does not contain scopes:[user:write:user:admin].

User Status Update Test

curl -X PATCH \
  -H "Authorization: Bearer [ACCESS_TOKEN]" \
  -H "Content-Type: application/json" \
  -d '{"action":"deactivate"}' \
  "https://api-us.zoom.us/v2/users/test-user-id/status"

Result: {"code":2300,"message":"This API endpoint is not recognized."}

User List Test

curl -H "Authorization: Bearer [ACCESS_TOKEN]" \
  "https://api-us.zoom.us/v2/users"

Result: Invalid access token, does not contain scopes:[user:read:list_users:admin].

What I’ve Tried

1. Account Verification

   • Pro Plan account confirmed
   • Admin role assigned
   • App created in Marketplace with all available scopes

2. Documentation Review

   • Reviewed latest API documentation
   • Checked migration guides from JWT to OAuth
   • Verified endpoint URLs and request formats

3. Official Support

   • Technical support confirmed this is “configuration-related” and outside scope
   • Directed to Developer Forum

Questions for the Community

1. Are admin-level scopes (user:write:user:admin, user:read:list_users:admin) still available?

   • If yes, how can I access them in the Marketplace UI?
   • Do they require special account permissions or settings?

2. Is PATCH /users/{userId}/status endpoint deprecated?

   • What’s the current recommended method for user activation/deactivation?
   • Are there alternative endpoints for user status management?

3. Has anyone successfully implemented user management with Server-to-Server OAuth post-JWT deprecation?

   • What scopes and endpoints are you using?
   • Any specific configuration steps required?

4. Migration Path from JWT Apps

   • Are there any undocumented steps for JWT → OAuth migration?
   • Do enterprise accounts have different scope availability?

Expected Behavior

User management operations (create, list, activate/deactivate) should be possible with Server-to-Server OAuth, similar to what was available with JWT apps before deprecation.

Additional Context

This integration worked perfectly with JWT apps before the June 2023 deprecation. The current OAuth implementation seems to be missing critical admin-level permissions that are essential for user management functionality.

Any guidance, workarounds, or alternative approaches would be greatly appreciated!

---

Tags: #server-to-server-oauth #user-management #jwt-migration #api-scopes #admin-permissions