Description
Let's say we have one Zoom application in the marketplace with Redirect URL for OAuth == https://any.yourapp.com
And two (it can be more) subdomains:
https://sub1.yourapp.com
https://sub2.yourapp.com
John Doe works with sub1 and sub2 and wants to use his Zoom account in both subdomains at the same time. Internally, in sub1 and sub2 these are two unrelated users, but linked to a single Zoom account.
Let’s say a user “John Doe” did authorization in sub1. And he successfully received a “Bearer” token.
Then, “John Doe” goes to https://sub2.yourapp.com and does authorization for sub2. And he receives a Bearer token as well.
Error
But, after that, the Bearer-token stored in sub1 is “Invalid access token.”
Try https://api.zoom.us/v2/users/me with Bearer from sub1 - fail, sub2 - success
Expectation
The “sub1” and “sub2” authorization flows are not related and there should be two independent (isolated) Bearer tokens for each domain.
As I understand, Zoom treats Authorization/Token requests for sub1 and sub2 as the same thing. Yes, the Auth/Token requests have the same client_id and the only difference is redirect_uri. But I thought “Multiple Environments” are independent. Now, they are conflicting, each new Authorization process makes the previous (on a different subdomain) invalid.
Which App Type (OAuth / Chatbot / JWT / Webhook)?
Which Endpoint/s?
To get the Bearer token, for each domain I use this flow:
- https://zoom.us/oauth/authorize?...&redirect_url=sub1... (or sub2), then https://zoom.us/oauth/token
- Use Bearer token for https://api.zoom.us/v2/users/me