Context
We are building a Zoom App that requires the email addresses of the meeting participants of a live meeting. The email is used on the backend as a user’s unique identifier; with the email we can retrieve their profile.
From the Zoom App, there is no way to access the emails. The only way we were able to get the emails is through an account-level OAuth integration with dashboard_meetings:read:admin scope using the endpoint “List meeting participants”. So we created an OAuth app that accesses the API from the backend. The API endpoint requires the meetingId
…
We are using the JS SDK, which has a method getMeetingUUID to get the meetingId to be used in the OAuth app.
Question
We have all the pieces we need but we don’t know how to connect them. The way we expect it to work is that an end-user from a Zoom Client installs the Zoom App:
- An in-client OAuth process is started
- Once approved we get the meetingId
- Send the meeting ID to the backend
- The backend (OAuth app) uses the meeting ID to get the meeting participants from the Zoom API
- Send back the list of meeting participants
- Display the profiles of the meeting participants in the Zoom App
The problem is that in step 4 an admin has to install the OAuth app and approve the permissions to access the API; in most cases the admin is a different user and in some cases, the end-user doesn’t have admin permissions.
So we have two different apps (Zoom App & OAuth App) with different scopes and access tokens.
We are thinking of “making the connection” using the account_number or account_id that can be obtained from the JWT tokens and the API. That is, our clients have to install the OAuth app first; we store the access token with the account_id; then their users can install the Zoom App. With the account_id from the JWT token of the Zoom App (aid) we can retrieve the access token used for the OAuth app and do the request.
Looks like the account_id is the identifier of a Zoom organization; it means that the app will only work for the same users of the same Org.
Do you think this is the way to go? Or is there another way to do this?
Thanks!
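
The account_id lookup proposed in the post, as an added example that is not part of the original post and is not Zoom's code: the backend verifies the Zoom App token before reading `aid`, then uses only that verified value to find the admin-approved OAuth token. The HS256 signing scheme, `APP_SECRET`, the `accountTokens` store and all function names are assumptions made for illustration; the sample tokens are constructed.

```javascript
// Added example. Assumption: the Zoom App token is an HS256 JWT whose signing
// secret the backend holds; the page only states that it carries an `aid` claim.
const nodeCrypto = require("crypto");

const APP_SECRET = "constructed-demo-secret"; // constructed, not a real credential
// Hypothetical store: account_id -> token saved when an admin installed the OAuth app.
const accountTokens = new Map([["acct_A", "constructed-oauth-token-A"]]);

const b64url = (data) => Buffer.from(data).toString("base64url");
const hmac = (data, secret) =>
  nodeCrypto.createHmac("sha256", secret).update(data).digest();

// Helper that builds constructed sample tokens for the demo.
function makeJwt(claims, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`, secret))}`;
}

// Check algorithm, signature (constant time) and expiry before trusting any claim.
function verifyJwt(token, secret, nowSec) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [head, body, sig] = parts;
  const header = JSON.parse(Buffer.from(head, "base64url").toString());
  if (header.alg !== "HS256") throw new Error("unexpected alg");
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }
  const claims = JSON.parse(Buffer.from(body, "base64url").toString());
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) throw new Error("expired");
  return claims;
}

// The account is taken from the verified `aid` claim only; an account id sent in
// the request body is ignored, so a caller cannot select another org's token.
function resolveAccountToken(appJwt, requestBody, nowSec = Math.floor(Date.now() / 1000)) {
  const { aid } = verifyJwt(appJwt, APP_SECRET, nowSec);
  const token = accountTokens.get(aid);
  if (!token) return { ok: false, accountId: aid, reason: "oauth_app_not_installed" };
  return { ok: true, accountId: aid, token };
}
```

The `oauth_app_not_installed` branch is the case the post describes, where an end-user opens the Zoom App before an admin of the same account has approved the OAuth app.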