Authentication

In-Client OAuth for Zoom Apps API

Zoom Apps In-Client OAuth offers a significant user experience improvement over the traditional web-based install flow to exchange an authorization code for an access token. This feature enables the Zoom app to trigger the exchange and receive of the access token within the Zoom client. This feature includes:

  • In-Client Add app: enable users to add the app from within the Zoom client.
  • Retrieval of Zoom REST API OAuth tokens.
  • In-client prompts for users to authorize updated scopes.

In this guide:
Enabling in-client oAuth for your app
Migrating and supporting traditional web-based installations
Testing adding apps during development

Enabling in-client OAuth for your app

1. Enable in-client OAuth in the build flow

  1. Login to the Zoom portal and go to Manage App -> your app -> Features, and enable In-client OAuth.
  2. Under the OAuth allow list section, add your app’s Home URL.

2. Use the authorize method and onAuthorized event in your app

The authorize method and the onAuthorized event are the in-client equivalent of a grant_type authorization_code request to the Zoom REST API to get the access token. This in-client flow involves two steps for developers:

  1. Invoke the authorize method with PKCE code_challenge (only code_challenge_method ‘plain’ is supported) and optional state:
    • If the app’s scopes are authorized by the user, it starts a non-interactive OAuth flow, completely invisible to the user.
    • If the app’s scopes have changed or added, it goes to the in-client consent screen, and the user is prompted to reauthorize the app’s scopes.
  2. Listen for an onAuthorized event with an authorization code. Your app needs to register a listener callback function for the onAuthorized event. The callback function is invoked after the Zoom Client internally checks if the user has authorized the app’s scopes. The event includes the user authorization code the app sends to the application server to request an access token for the Zoom REST API.

To use the method and event in your app:

  1. Add authorize and onAuthorized to capacities in the config call on Zoom App client.

    inclient01
  2. Invoke the Zoom Apps SDK authorize method with the following parameters:

    • A PKCE code_challenge. Only PCKE method ‘plain’ is supported
    • An optional state value.
    inclient02
  1. Register and listen for the onAuthorized event using the Zoom Apps SDK addEventListener method.

    inclient03
  1. (Optional) Verify the state value received in onAuthorized is the same as the value passed from the app to the authorize method.
  2. From the application server, send a token request with the code_verifier used to generate the code_challenge. This completes the In-Client OAuth flow: the application server has received an access token for the Zoom REST API.

Migrating and supporting traditional web-based installations

Keep the following in mind when migrating from web-based installs to Zoom App in-client adds:

  • That the in-client OAuth feature does not replace the traditional web-based install flow. Your app must continue to support the install flow from the Zoom Marketplace and your own install pages.
  • You must re-implement any extraneous functionality that takes place during the traditional (web-based) install flow, such as getting and saving user OAuth tokens for the Zoom API.
  • Some applications also create application users, create sessions, and more. These will have to be supported in the backend handler for the app’s home url using the X-Zoom-App-Context header on that request.

Testing adding apps during development

The in-client app flow to add an app is not available for unpublished apps. To test your app during development, we suggest these workarounds:

  • Single user
    Add your app and send it to yourself. Then remove the app, and add it in a way that triggers the in-client oauth flow.

    1. Log into Zoom marketplace web portal and add your app to your user account.  
    2. Open the Zoom client and start a meeting.  
    3. Open your app, and send the app invitation to all participants.  
    4. In the Zoom client, close the app, but do not end the meeting.  
    5. Go to the Zoom marketplace and remove the app.  
    6. Return to the meeting in the Zoom client, locate the app invitation in the chat tab, and accept it.
    
  • Two users (two Zoom instances)
    Add the app to your Zoom account and then invite another user to add the app.

    1. User1 logs into Zoom marketplace web portal and adds the app to their user account.  
    2. User1 opens the Zoom client and starts a meeting.  
    3. User2 (who hasn’t added the app) joins the meeting.  
    4. User1 sends User2 an invite to add the app.  
    5. User2 locates the app invitation in the chat tab, and clicks it to accept the invitation.
    

Need help?

If you're looking for help, try Developer Support or our Developer Forum. Priority support is also available with Premier Developer Support plans.