Zoom JWT to S2S Oauth

todin · February 5, 2023, 8:30pm

Hi,

I’m newbie on API and i have problem with that integration. JWT token expiring and I need to take zoom audit logs to QRadar via that workflow but i couldn’t change auth method jwt to s2s oauth can you help me with this?

<?xml version="1.0" encoding="UTF-8" ?>
<Parameters>
    <Parameter name="host" label="Host" required="true" default="api.zoom.us" />
    <Parameter name="api_key" label="API Key" required="true" />
    <Parameter name="api_secret" label="API Secret" required="true" secret="true" />
</Parameters>
<Actions>
    <!-- Initialize the Bookmark -->
    <Initialize path="/bookmark" value="1970-01-01" />
    <!-- Create an Access Token -->
    <CreateJWTAccessToken savePath="/access_token">
        <Header>
            <Value name="alg" value="HS256" />
            <Value name="typ" value="JWT" />
        </Header>
        <Payload>
            <Value name="iss" value="${/api_key}" />
        </Payload>
        <Secret value="${/api_secret}" />
    </CreateJWTAccessToken>
    <!-- Fetch Events -->
    <CallEndpoint url="https://${/host}/v2/report/operationlogs" method="GET" savePath="/get_events">
        <BearerAuthentication token="${/access_token}" />
        <QueryParameter name="from" value="${/bookmark}" omitIfEmpty="true" />
<QueryParameter name="page_size" value="300" />
    </CallEndpoint>
    <!-- Handle Errors -->
    <If condition="/get_events/status_code != 200">
        <Abort reason="${/get_events/body/code}: ${/get_events/body/message}" />
    </If>
    <!-- Post Events, if any -->
    <If condition="count(/get_events/body/operationlogs) > 0">
        <PostEvents path="/get_events/body/operationlogs" source="${/host}" />
        <!-- Update the bookmark -->
        <ParseDate pattern="yyyy-MM-dd'T'HH:mm:ss'Z'" timeZone="UTC" date="${max(/get_events/body/operationlogs/time)}" savePath="/last_event_time" />
        <FormatDate pattern="yyyy-MM-dd" timeZone="UTC" time="${/last_event_time + 86400000}" savePath="/bookmark" />
    </If>
</Actions>
<Tests>
    <DNSResolutionTest host="${/host}" />
    <TCPConnectionTest host="${/host}" />
    <SSLHandshakeTest host="${/host}" />
    <HTTPConnectionThroughProxyTest url="https://${/host}" />
</Tests>

gianni.zoom · February 6, 2023, 6:30pm

Hi @todin ,

Can you please clarify where in the process you need help?

Have you already successfully created and authorized a server to server OAuth app?

todin · February 6, 2023, 6:43pm

Hi Gianni,

I created app and this workflow working with jwt token and i need to change this method s2s oauth.

Best Regards.

gianni.zoom · February 6, 2023, 8:28pm

Hi @todin , I’m sorry I am confused – is that a yes, you’ve created the server-to-server OAuth application or no, you’ve only created a JWT app?

todin · February 6, 2023, 8:41pm

I have created oauth application on zoom side and i need to integrate with that workflow qradar. So thats why i need to change workflow jwt auth to s2s oauth on this workflow

todin · February 10, 2023, 10:19am

Is there any update?

gianni.zoom · February 22, 2023, 6:21pm

Hi @todin ,

I am still confused. You cannot just change JWT to Server to Server. You have to create a new and separate Server to Server app.

Can you please share the QRadar documentation so I know better how you’re trying to use it with Zoom?

todin · February 22, 2023, 6:35pm

Hi Gianni,

Below article based on jwt token and expiring i need to s2s oauth.

Best Regards.

gianni.zoom · March 1, 2023, 8:40pm

Okay thanks for sharing.

You have to create a Server-to-Server OAuth app, not an OAuth app: https://marketplace.zoom.us/docs/guides/build/server-to-server-oauth-app/

Then use the Client Id and Client Secret. Although in these directions, I do not see where you’re supposed to integrate the client credentials. Can you please clarify that part for me?