Zoom OAuth + JWT Issues

I’ve seem to run into an obstacle while integrating Zoom into my web application, let’s call it MyWebApp for purposes of this post. This is the workflow of the Zoom integration:

  1. User logs into their MyWebApp account. (Works)

  2. User navigates to the Video Meetings page within MyWebApp. (Works)

  3. MyWebApp prompts the user for their Zoom login using a published Zoom OAuth app. (Works)

  4. User is authenticated. MyWebApp stores the returned access tokens. (Works)

  5. Using MyWebApp the user creates a scheduled Zoom meeting. (Works)

  6. MyWebApp uses a Java backend, the OAuth tokens, and the Zoom API to schedule the meeting via Zoom. (Works)

** Here’s where the problem lies.

  1. User then attempts to Join the scheduled meeting as HOST via the Web SDK from within MyWebApp. MyWebApp launches a browser window with the Zoom Web App passing in the required parameters for the meeting. A generated signature is one of the required parameters. A generated signature requires an API Key and Secret. This can only be obtained from a Zoom JWT App. Therefore I have added a Zoom JWT App to the same account that owns the Zoom OAuth app. The signature is generated from the JWT App’s API Key and Secret.

This scenario works if:

  1. The user joining the meeting as the HOST is logged into the same Zoom account that owns the OAuth and JWT apps.

  2. The user joins the meeting as ATTENDEE. No OAuth is needed.

The scenario doesn’t work if:

  1. The user who scheduled and is joining the meeting as HOST is logged into a different OAuth account than the one that owns the OAuth and JWT apps.

In this case, the Zoom Web API returns an Invalid Signature Error.

Scenario 3 is critical in getting the Zoom integration to work within MyWebApp. The whole purpose of the integration was to allow users to manage and join meetings via their own Zoom accounts from within MyWebApp.

The requirement of needing a JWT app that is separate from the published OAuth App seems to be creating this problem.

It would appear that a user can only join a scheduled meeting as HOST, if that meeting was scheduled using the account that owns the OAuth and JWT apps.

I have seen a few other posts describing the same problem. Those posts have been closed and I did not see a solution posted.

Is there a solution to this problem or a workaround?

I have promised my users Zoom integration features and have all the code in place; however, I cannot release the feature due to this problem.

Hi @m.warble,

Thank you for wording your workflow so precisely, and I understand the issue you’re running into here.

You’ve raised a similar concern to this thread, which you might find helpful for how best to handle this:

At the moment, I’m afraid there’s no direct way to handle this exact situation, but it’s something that has been raised with our team. (CS-2206)

Your best bet for now would be to have the host of the meeting start the meeting via the start_url and Zoom App first, and then have the other participants join via the Web SDK, as Tommy mentioned in the linked thread above.

That said, I realize this is not ideal, and do appreciate the issue this causes for your integration. I will be sure to raise this feedback with our team.


Okay thanks. Is there a way to check the progress of CS-2206?

Hey @m.warble,

This is an internal identifier, but you can stay subscribed to this thread and our Changelog for updates.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.