Zoom App OAuth via Google/Microsoft - What domains to whitelist?

Hi all,

Zoom Apps Configuration
We’re developing a Zoom App with React frontend app and NodeJS/AWS Lambda as backend. For authentication we offer users to sign in with their existing Google or Microsoft 365 accounts.

Description
The Zoom App marketplace profile requires to whitelist all the domains the app interacts with. On the backend part we use Google APIs Node.js Client and google.auth.OAuth2, in particular. As we were developing and testing the app, we identified that for a few Google test accounts the next domains are being requested:

• accounts.google.com
• *.gstatic.com
• accounts.google.ca

It seems that in different countries Google uses different domains to host users’ account information (accounts.google.co.uk, accounts.google.co.in, to name a few). If a client has an account that is hosted in a domain not included in the whitelist, they experience issues with logging in. Nothing happens in the UI after pressing “Sign In” and we see a firewall error in the browser dev console. Is there any complete list of Google domains that need to be whitelisted to allow Google OAuth workflows?
Also, is there any recommendations on what Microsoft domains should be whitelisted?

Thanks!

This is a great question. Unfortunately, we don’t have a list of the domains that need to be whitelisted and I wasn’t able to find a list from Google.

With that being said, I’m working with our product and marketplace teams to see how we can address these types of roadblocks going forward. I’ll be sure to keep you posted.