I am developing an application using the Zoom Meeting SDK in C++. After June 2023, it will no longer be possible to create apps of the JWT type, and existing JWT apps will need to migrate to OAuth. However, the Zoom official documentation advises using JWT for SDK authentication. So, my question is, does OAuth only refer to “user authentication” and is it separate from “SDK authentication”? In other words, even if I migrate to an OAuth-type app, do I still need to use JWT for SDK authentication, or can SDK authentication also be done using OAuth token or something?
I have been able to obtain an access token and a ZAK token using PKCE OAuth, and I am currently testing how it works using the demo source code provided by Zoom (which is included in the SDK). Currently, it seems to work fine when I input the Client ID and Client Secret obtained when creating the app on the Zoom Marketplace, or a JWT token generated on the server side with them, into IAuthService::SDKAuth(). The demo app works well with this approach, but it only works when SDKAuth() is called. Will this method still be available after Zoom stops JWT authentication in September 2023?
Thanks for your question. Here are some clarifications to help you understand:
JWT App Type is often confused with JWT Token, but they refer to 2 different things. JWT App Type is not JWT Token.
JWT App Type, which is being deprecated in June 2023 (soft deadline), is used to call the Zoom REST API.
The recommended upgrade path after Sep 2023 (hard deadline) is to use Server to server OAuth App Type or OAuth App Type. These will allow you to get a ZAK token for user authentication.
Meeting SDK App Type has a Client ID and Client Secret, which allow developers to create a JWT Token to auth the Zoom Meeting SDK. The Client ID and Client Secret also allow you to call the Zoom REST API.
Now, in my understanding, there are 4 different kinds of App Type in this topic:
1. JWT App Type
2. Server to server OAuth Type
3. OAuth Type
4. Meeting SDK App Type

and an app of 1. JWT App Type needs to be migrated to 2. Server to server OAuth Type or 3. OAuth Type.
The Meeting SDK App Type is slightly different from the other types. For authentication of the SDK itself, either the Client ID and Client Secret or a JWT Token (a different concept from JWT App Type) generated from them is required. The Zoom REST API can also be invoked using the Client ID and Client Secret. However, if I want to call the Zoom REST API using a ZAK Token, the app needs to generate the ZAK Token using either the Server-to-server OAuth or the OAuth (or PKCE OAuth) scheme.
So in the case when I develop an app with Meeting SDK (and the app doesn’t call some APIs that require a ZAK Token), I don’t need to care about OAuth things.
Thank you again, I think I’m clear now.
Please let me know if my understanding is wrong in any way.
For authentication of the SDK itself, the Meeting SDK App Type will provide you with Client ID and Client Secret. You use the Client ID and Client Secret to generate / sign a JWT Token. This JWT token is used for SDK Auth.
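The signing step described in this thread, as an added example that is not part of the original posts or Zoom's own code: a server-side HS256 JWT built from the Client ID and Client Secret, so the secret never ships in the C++ client, plus a local check of signature, algorithm and expiry. The claim names (`appKey`, `tokenExp`), the function names and the credentials are assumptions; confirm the claim set against Zoom's Meeting SDK authorization documentation.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str, client_secret: str) -> bytes:
    return hmac.new(client_secret.encode(), signing_input.encode("ascii"),
                    hashlib.sha256).digest()

def make_sdk_jwt(client_id, client_secret, ttl=3600, now=None):
    """Build a short-lived HS256 JWT; run this on the server only."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    # Assumed claim names (not stated in the thread); check Zoom's docs.
    payload = {"appKey": client_id, "iat": now,
               "exp": now + ttl, "tokenExp": now + ttl}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, payload)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url(_sign(signing_input, client_secret))

def verify_sdk_jwt(token, client_secret, now=None):
    """Return the payload if the token is well-formed, HS256-signed with
    client_secret and unexpired; otherwise None."""
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
        header = json.loads(b64url_decode(h))
        payload = json.loads(b64url_decode(p))
        sig = b64url_decode(s)
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None     # refuse "none" or any unexpected algorithm
    if not hmac.compare_digest(sig, _sign(h + "." + p, client_secret)):
        return None     # constant-time signature comparison
    exp = payload.get("exp") if isinstance(payload, dict) else None
    if not isinstance(exp, int) or exp <= now:
        return None
    return payload

if __name__ == "__main__":
    # Constructed placeholder credentials, not real Zoom values.
    token = make_sdk_jwt("CONSTRUCTED_CLIENT_ID", "constructed-secret", ttl=60)
    print(token)
    print(verify_sdk_jwt(token, "constructed-secret"))
```

The resulting token string is what the client would pass to the SDK auth call instead of the raw Client Secret.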