Issue Summary
After the JWT app deprecation (June 1, 2023), I’m unable to implement user management features using Server-to-Server OAuth due to missing admin scopes in the Marketplace UI and deprecated API endpoints.
Technical Details
Environment
- App Type: Server-to-Server OAuth
- Account Type: Pro Plan with Admin privileges
- Implementation: REST API integration
- Region: US
Required Functionality
- c4: User List (
GET /users
) - c5: User Create (
POST /users
) - c6: User Deactivate (
PATCH /users/{userId}/status
) - c7: User Reactivate (
PATCH /users/{userId}/status
)
Problems Encountered
Problem 1: Missing Admin Scopes in Marketplace UI
Required scopes not available for selection:
user:read:list_users:admin
(for user listing)user:write:user:admin
(for user creation)
Currently available scopes:
user:read:user
(granted)user:update:user
(granted)user:update:status
(granted)
Problem 2: API Endpoint Returns 404
Endpoint: PATCH /users/{userId}/status
Response: {"code":2300,"message":"This API endpoint is not recognized."}
Even with user:update:status
scope granted, the endpoint doesn’t exist.
API Test Results
User Creation Test
curl -X POST \
-H "Authorization: Bearer [ACCESS_TOKEN]" \
-H "Content-Type: application/json" \
-d '{"action":"create","user_info":{"email":"test@example.com","type":2}}' \
"https://api-us.zoom.us/v2/users"
Result: Invalid access token, does not contain scopes:[user:write:user:admin].
User Status Update Test
curl -X PATCH \
-H "Authorization: Bearer [ACCESS_TOKEN]" \
-H "Content-Type: application/json" \
-d '{"action":"deactivate"}' \
"https://api-us.zoom.us/v2/users/test-user-id/status"
Result: {"code":2300,"message":"This API endpoint is not recognized."}
User List Test
curl -H "Authorization: Bearer [ACCESS_TOKEN]" \
"https://api-us.zoom.us/v2/users"
Result: Invalid access token, does not contain scopes:[user:read:list_users:admin].
What I’ve Tried
-
Account Verification
Pro Plan account confirmed
Admin role assigned
App created in Marketplace with all available scopes
-
Documentation Review
Reviewed latest API documentation
Checked migration guides from JWT to OAuth
Verified endpoint URLs and request formats
-
Official Support
Technical support confirmed this is “configuration-related” and outside scope
Directed to Developer Forum
Questions for the Community
-
Are admin-level scopes (
user:write:user:admin
,user:read:list_users:admin
) still available?- If yes, how can I access them in the Marketplace UI?
- Do they require special account permissions or settings?
-
Is
PATCH /users/{userId}/status
endpoint deprecated?- What’s the current recommended method for user activation/deactivation?
- Are there alternative endpoints for user status management?
-
Has anyone successfully implemented user management with Server-to-Server OAuth post-JWT deprecation?
- What scopes and endpoints are you using?
- Any specific configuration steps required?
-
Migration Path from JWT Apps
- Are there any undocumented steps for JWT → OAuth migration?
- Do enterprise accounts have different scope availability?
Expected Behavior
User management operations (create, list, activate/deactivate) should be possible with Server-to-Server OAuth, similar to what was available with JWT apps before deprecation.
Additional Context
This integration worked perfectly with JWT apps before the June 2023 deprecation. The current OAuth implementation seems to be missing critical admin-level permissions that are essential for user management functionality.
Any guidance, workarounds, or alternative approaches would be greatly appreciated!
Tags: #server-to-server-oauth #user-management #jwt-migration #api-scopes #admin-permissions