What is the benefit of using OAuth if you still have to publish?

Description
I understand the benefit of creating apps for the marketplace, but in my opinion it defeats the purpose of integrating an OAuth flow if the user still has to be added to your account. I have an app that is responsible for only creating meetings on behalf of the host. There is no other API route that we use except for managing said meeting (via a user-left webhook). I would believe that an OAuth flow would be sufficient for that without having to complete the publishing process. Perhaps I am approaching this incorrectly; however, using OAuth with a user-level app would still need users to be added to the account if I decide against publishing. Again, I believe this is redundant, as adding a user to an account will already send them an email to connect, which handles the auth process… Would love to get some feedback on this.

My solution for the time being is to just use a JWT implementation and have the users connect with my account. I am just not completely sure about having them added to my account, as I am not aware of their current Zoom account configurations (licensed, previously recorded meetings, etc.).

I’m not sure of the intention behind forcing OAuth apps to be published. The documentation is not clear on whether publishing an app is intended for the marketplace or just as a vetting process for apps. In any case, I would just like to have the meeting creation flow for my users be as seamless as possible. I have read solutions that include creating other users on my account and using them to create the meetings until they reach their rate limit, but this seems a bit jerry-rigged to me.

Ultimately, I’m wondering what the use cases are for those who are creating apps that integrate Zoom into their business features, but aren’t looking to publish a Zoom app that works outside of the context of our businesses, if that makes sense.

Happy to clear anything up if it’s not clear.

Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth / JWT

Which Endpoint/s?
Create Meeting
Update Meeting

Hi @the.lang.mentor,

Thanks for reaching out about this, and I appreciate the feedback on our OAuth Apps/Publishing requirements as well—I understand this can be a bit confusing.

As you mentioned:

Perhaps I am approaching this incorrectly; however, using OAuth with a user-level app would still need users to be added to the account if I decide against publishing. Again, I believe this is redundant, as adding a user to an account will already send them an email to connect, which handles the auth process… Would love to get some feedback on this.

Your understanding is correct—if your OAuth App is not published, then users will need to be under your own Zoom account in order to authorize/utilize the app.

At the moment, Zoom requires that in order to access/manage any user or account’s data outside of your own, your OAuth App be published publicly, in an effort for complete transparency.

If you do not need to access user/account data outside of your own, a JWT app would be the most common app type to leverage. An unpublished/private OAuth App also still offers some benefits for use under a single account, as it allows you to set user-level scopes, managing the extent of which data users who have installed the app (under your account) can expect the app to access. A JWT app, on the other hand, is account-wide and contains all the scopes of the account admin.

Having said this, we do have it on our roadmap to revisit the OAuth App requirements, and this is valuable feedback.

I hope this helps to clarify where things are currently, but let me know if you still have questions.

Best,
Will

@will.zoom Hi Will, thank you very much for clearing this up. I’ve decided to continue with the JWT integration until otherwise needed.

Thanks again!

Hey @the.lang.mentor,

I’m glad to hear that @will.zoom answered your questions! If you encounter any further issues or questions, please don’t hesitate to reach out.

Thanks,
Max
