Introduction
Zoom has recently introduced Device Authorization to improve the end-user experience when authorizing apps to access Zoom user data on different devices. This also helps to establish a platform-wide authorization and authentication workflow to support app access on devices for all Zoom products.
You can authorize with Zoom using the OAuth 2.0 Device Authorization Grant in a simple one-step process. This gives users who are signed in to Zoom the ability to authorize app access on another device without typing in the requested user code or needing to log in to their Zoom account again.
Prerequisite for Device Authorization setup
- Users must have an existing private Zoom OAuth-capable application (such as Meeting SDK, OAuth, Zoom App, etc.) in their Zoom Developer account.
- Users will also need to reach out to Zoom's developer support to enable this feature for use within the private apps mentioned above.
- Postman or other API platform of choice used for testing purposes.
- QR code generator or other tools to further ease the authorize app access procedure (optional).
Steps to handle the OAuth 2.0 Device Authorization Grant
- Sign in with your Zoom developer account credentials at https://marketplace.zoom.us/.
- Locate and access your Meeting SDK app by going to the "Manage" section. If you do not have an app at the moment, you can create a new one by going to "Develop", followed by "Build App", and then selecting the app type of your choice. This article will use Meeting SDK as an example.
- Under the Feature tab, enable "Use App on Device".
- Under App Credentials -> OAuth credential, save your Client ID and Secret, as we will be using these for the next part.
- Next, we will retrieve the device authorization information and the verification link. This article will use Postman with Basic Authorization to send a POST request with the client ID and secret to "https://zoom.us/oauth/devicecode".
With the above result, there are a few ways you can direct the user's device to the verification page, by sending them either:
- "verification_uri" and "user_code" through another communication channel such as email or SMS, or
- "verification_uri_complete", which includes the user_code embedded inside.
TADA! There you have it! With the "verification_uri_complete" you can simply turn the link into a QR code for users to scan on their other device (with their Zoom account signed in) and grant access to your application!
You can also visit Zoom's Device Authorization Documentation here for more information on each request and on the response keys and values.
- Upon successful verification, users will be prompted to authorize the use of your application.
- After clicking on allow, you will see a success message (e.g. the one shown in the image below on the top right corner) and you can continue with your application.
What's next?
Polling Request for Access & Refresh Token
With the device code that we got previously and the same Basic Authorization used earlier, we can retrieve the access and refresh tokens by sending a POST request to "https://zoom.us/oauth/token" with a "grant_type" of "urn:ietf:params:oauth:grant-type:device_code" and the "device_code" that you got from the previous API call.
With the access token, you can work wonders with the capabilities of Zoom's API, such as creating a meeting, getting past meeting details, etc.
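The polling step described above, as an added example (not code from the article or from Zoom): a Python loop that waits the server-provided "interval" between calls to the token endpoint, backs off when told to, and stops when the device code expires. It assumes the device-code response carries "interval" and "expires_in" in seconds and that the token endpoint reports the RFC 8628 error codes "authorization_pending" and "slow_down" in a JSON "error" field; http_post and poll_for_tokens are names chosen for this example.

```python
import base64
import json
import time
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://zoom.us/oauth/token"  # endpoint named in the article
GRANT = "urn:ietf:params:oauth:grant-type:device_code"  # grant_type from the article


def http_post(url, client_id, client_secret, form):
    """POST a form with HTTP Basic auth; return the JSON body, also on 4xx."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    req = urllib.request.Request(
        url,
        data=urllib.parse.urlencode(form).encode(),
        headers={"Authorization": f"Basic {basic}"},
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:  # pending/denied arrive as error bodies
        return json.load(err)


def poll_for_tokens(device, client_id, client_secret,
                    post=http_post, sleep=time.sleep, now=time.monotonic):
    """Poll until the user approves, denies, or the device code expires."""
    interval = int(device.get("interval", 5))  # server minimum; RFC 8628 default is 5
    deadline = now() + int(device["expires_in"])
    form = {"grant_type": GRANT, "device_code": device["device_code"]}
    while now() < deadline:
        sleep(interval)  # wait first: never poll faster than the minimum
        body = post(TOKEN_URL, client_id, client_secret, form)
        if "access_token" in body:
            return body  # access and refresh tokens: store securely, never log
        error = body.get("error")  # assumed to follow RFC 8628 section 3.5
        if error == "slow_down":
            interval += 5  # RFC 8628: add 5 seconds to every later poll
        elif error != "authorization_pending":
            raise PermissionError(f"device authorization failed: {error}")
    raise TimeoutError("device code expired before the user authorized")
```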
ZAK Token
In order to start an instant meeting on the user's behalf, we will need to retrieve their ZAK token. We can do this by using the access token we got previously to send a GET request to "https://api.zoom.us/v2/users/me/zak".
Potential Use Cases
Visit the next post to see the potential use cases you can apply Device Authorization to.
Conclusion
With the introduction of the OAuth 2.0 Device Authorization Grant, we can easily authorize app access to Zoom on another device for users who are already signed in to Zoom, making things faster and easier for users!
Video Guide
Device Authorization - Full Setup
Top comments (12)
Hi,
Thanks for sharing this post.
We implemented this new flow and it is working fine. Great job.
But I have a small technical question:
When the application is waiting for the user to sign in, we are calling that URL at a specific interval
https://zoom.us/oauth/token
until the user signs in. At what interval should we keep calling this URL? (Do you have any recommendation?) I guess this adds some traffic to your servers, so I would like to pick a retry interval that has been accepted internally.
Thanks
Hi Michael,
We provide a minimum interval for you to use in the response body when you make a call to zoom.us/oauth/devicecode as shown:
You can specify any value higher than this minimum to suit your use case.
Thanks
Ticorrian
Thanks, I wasn't sure how to interpret this value before.
But I still have some questions.
Is it in seconds?
By minimum you mean...
That we shouldn't call the server more often than every 5 seconds?
It seems to be a long interval.
I was experiencing that sometimes the server takes a couple of seconds (1 or 2) before actually returning the "success" response after the user logs in. In that case it means the user could wait between 0 and 7 seconds before actually seeing the app updated with the credentials.
Might the 5 seconds get reduced in the future, or is this based on the average of all other services implementing such a device-auth mechanism?
Sorry for being so specific with the interval here. But I just want to make sure we are giving our users the best user experience.
Thanks.
No problem, I'm happy to help!
The value is in seconds. At the moment, we do not have plans to reduce this minimum time but I can log that as a feature request for our engineering team to evaluate.
Thanks
Ticorrian
Hello,
I see the option to enable "Use App on Device" only when "Intend to Publish" is No. The option (and the functionality) disappears when "Intend to Publish" is yes. Is that a bug?
Hi @maurohorie, are you still experiencing this on your end?
Yes, I still see it. The option is not available on the console.
@maurohorie that should not be the case. Can you request support in our Dev Forum via the link here? Or if you happen to be one of our ISV partners, you can contact the ISV SE for support.
Sure, will do. Thanks for responding!
You're welcome :)
Hi,
Thank you for this great explanation. I am at the end of my studies, and my project is to create custom applications with a powerful collaboration suite that includes designing and developing a web application that integrates features to optimize meetings (instant meetings, scheduled meetings, one-to-one calls, joining a Zoom meeting, and many more...). Each user can access these features by creating an account on this site.
I have read the Zoom documentation, but I'm confused about which app to use to start with. Should I use the Meeting SDK or Video SDK? Also, how can my users generate Zoom meetings without having a Zoom account?
By the way, the company I have an internship with is a Zoom partner. Please let me know if you have any advice to help me.
Thank you
Hey @firas_zoom,
Sorry for the late reply, as I am not getting a notification whenever a new comment pops up. You can refer to this link for a quick comparison of the two SDKs. As for generating a Zoom meeting, there needs to be a host in order to create a Zoom meeting, so either the host needs to create it or it can be done through our API here.
Let me know if you need more information.
Thank you.