Tan Boon Jun for Zoom


Device Authorization - Zoom

Introduction

Zoom has recently introduced Device Authorization to improve the end-user experience when authorizing apps to access Zoom user data on different devices. This also helps to establish a platform-wide authorization and authentication workflow to support app access on devices for all Zoom products.

You can authorize with Zoom using the OAuth 2.0 Device Authorization Grant in a simple one-step process. This gives users who are signed in to Zoom the ability to authorize app access on another device without typing in the requested user code or needing to log in to their Zoom account again.


Prerequisite for Device Authorization setup

  1. Users must have an existing private Zoom OAuth-capable application (such as Meeting SDK, OAuth, Zoom App, etc.) in their Zoom Developer account.
  2. Users will also need to reach out to Zoom's developer support to enable this feature for use within the private apps mentioned above.
  3. Postman or another API platform of choice, used for testing purposes.
  4. A QR code generator or other tool to simplify the app authorization procedure (optional).

Steps to handle the OAuth 2.0 Device Authorization Grant

  1. Sign in with your Zoom developer account credentials at https://marketplace.zoom.us/.
  2. Locate and access your Meeting SDK app by going to the "Manage" section.
    If you do not have an app at the moment, you can create a new one by going to "Develop", followed by "Build App", and then selecting the app type of your choice.

  3. This article will use Meeting SDK as an example. Under the Feature tab, enable "Use App on Device".

  4. Under App Credentials -> OAuth credential, save your Client ID and Secret, as we will be using these for the next part.

  5. Next, we will retrieve the device authorization information and the verification link. This article will use Postman with Basic Authorization to send a POST request with the client ID and secret to "https://zoom.us/oauth/devicecode".


  6. With the above result, there are a few ways to direct the user's device. Send them either:

    • "verification_uri" and "user_code" through another means of communication such as email or SMS (without the user code embedded), or
    • "verification_uri_complete", which has the user_code embedded inside (with the user code embedded).

    TADA! There you have it! With the "verification_uri_complete" you can simply turn the link into a QR code for users to scan on their other device (w/ Zoom account signed in) and grant access to your application!

You can also visit Zoom's Device Authorization documentation for more information on each request and response key and value.

  7. Upon successful verification, users will be prompted to authorize the use of your application.
  8. After clicking on allow, you will see a success message (e.g. the one shown in the image below on the top right corner) and you can continue with your application.

What's next?

Polling Request for Access & Refresh Token

With the device code from the previous step and the same Basic Authorization used earlier, we can retrieve the access and refresh tokens by sending a POST request to "https://zoom.us/oauth/token" with a "grant_type" of "urn:ietf:params:oauth:grant-type:device_code" and the "device_code" returned by the previous API call.
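The polling step above, as an added example that is not part of the original post or Zoom's own code: a client-side loop that honours the server's interval and stops cleanly on denial or expiry. It assumes the token endpoint answers with the RFC 8628 error codes (authorization_pending, slow_down, access_denied, expired_token); `post_token` is a hypothetical caller-supplied transport, and the responses in `demo()` are constructed.

```python
import time

GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code"

class DeviceFlowError(Exception):
    """Terminal outcome: user denied the request or the device code expired."""

def poll_for_tokens(post_token, device_code, interval=5, expires_in=900,
                    sleep=time.sleep, clock=time.monotonic):
    """Poll the token endpoint until approval, denial, or expiry.

    post_token(params) -> (http_status, json_dict) is a caller-supplied
    transport (hypothetical name) that POSTs params to
    https://zoom.us/oauth/token with the Basic auth header from the article.
    interval and expires_in are taken from the device-code response.
    """
    deadline = clock() + expires_in
    params = {"grant_type": GRANT_TYPE, "device_code": device_code}
    while True:
        sleep(interval)                  # never poll faster than the server asked
        if clock() >= deadline:
            raise DeviceFlowError("expired_token")
        status, body = post_token(params)
        if status == 200 and "access_token" in body:
            return body                  # access and refresh tokens; do not log
        error = body.get("error")        # assumed RFC 8628 error codes
        if error == "authorization_pending":
            continue                     # user has not finished approving yet
        if error == "slow_down":
            interval += 5                # RFC 8628 s3.5: add 5 s and keep going
            continue
        raise DeviceFlowError(error or f"http_{status}")  # e.g. access_denied

def demo():
    """Drive the loop with constructed responses; returns (tokens, waits)."""
    script = [(400, {"error": "authorization_pending"}),   # constructed samples
              (400, {"error": "slow_down"}),
              (200, {"access_token": "constructed-at",
                     "refresh_token": "constructed-rt"})]
    now, waits = [0.0], []

    def fake_sleep(seconds):             # advances a fake clock instead of waiting
        waits.append(seconds)
        now[0] += seconds

    tokens = poll_for_tokens(lambda p: script.pop(0), "constructed-device-code",
                             interval=5, expires_in=60,
                             sleep=fake_sleep, clock=lambda: now[0])
    return tokens, waits
```

In a real client, pass the interval and expiry values returned by the device-code request rather than the defaults.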

With the access token, you can work wonders with the capabilities of Zoom's API, such as creating a meeting, getting past meeting details, etc.

ZAK Token

In order to start an instant meeting on the user's behalf, we will need to retrieve their ZAK token. We can do this by sending a GET request, authorized with the access token we got previously, to "https://api.zoom.us/v2/users/me/zak".

Potential Use Cases

Visit the next post to see the potential use cases you can apply Device Authorization to.


Conclusion

With the introduction of the OAuth 2.0 Device Authorization Grant, we can easily authorize app access to Zoom on another device using an already signed-in Zoom user, making things faster and easier for users!


Video Guide

Device Authorization - Full Setup

Top comments (12)

Michael Mimeault

Hi,

Thanks for sharing this post.

We implemented this new flow and it is working fine. Great job.

But I have a small technical question:
When the application is waiting for the user to sign in, we are calling the URL https://zoom.us/oauth/token at a specific interval until the user signs in.

At what interval should we keep calling this URL? (Do you have any recommendation?) I guess this adds some traffic to your servers, so I would like to pick a retry interval that has been accepted internally.

Thanks

Ticorrian Heard

Hi Michael,

We provide a minimum interval for you to use in the response body when you make a call to zoom.us/oauth/devicecode as shown:

Image description

You can specify any value higher than this minimum to suit your use case.

Thanks
Ticorrian

Michael Mimeault • Edited

Thanks, I wasn't sure how to interpret this value before.

But I still have some questions...

Is it in seconds?

By minimum you mean...
That we shouldn't call the server more often than every 5 seconds?
It seems to be a long interval.
I was experimenting, and sometimes the server takes a couple of seconds (1 or 2) before actually returning the "success" response after the user logs in. In that case it means the user could wait between 0 and 7 seconds before actually seeing the app updated with the credentials.

Might the 5 seconds get reduced in the future, or is this based on the average of all other services implementing such a device-auth mechanism?

Sorry for being so specific with the interval here. But I just want to make sure we are giving to our users the best user experience.

Thanks.

Ticorrian Heard

No problem, I'm happy to help!

The value is in seconds. At the moment, we do not have plans to reduce this minimum time but I can log that as a feature request for our engineering team to evaluate.

Thanks
Ticorrian

MauroHorie

Hello,

I see the option to enable "Use App on Device" only when "Intend to Publish" is No. The option (and the functionality) disappears when "Intend to Publish" is yes. Is that a bug?

Tan Boon Jun

Hi @maurohorie, are you still experiencing this on your end?

MauroHorie

Yes, I still see it. The option is not available on the console.

Tan Boon Jun • Edited

@maurohorie that should not be the case. Can you request support in our Dev Forum via the link here? Or if you happen to be one of our ISV partners, you can contact the ISV SE for support.

MauroHorie

Sure, will do. Thanks for responding!

Tan Boon Jun

You're welcome :)

firas

Hi,

Thank you for this great explanation. I am at the end of my studies, and my project is to create custom applications with a powerful collaboration suite that includes designing and developing a web application that integrates features to optimize meetings (instant meetings, scheduled meetings, one-to-one calls, joining a Zoom meeting, and many more...). Each user can access these features by creating an account on this site.

I have read the Zoom documentation, but I'm confused about which app to use to start with. Should I use the Meeting SDK or Video SDK? Also, how can my users generate Zoom meetings without having a Zoom account?

By the way, the company I have an internship with is a Zoom partner. Please let me know if you have any advice to help me.

Thank you

Tan Boon Jun

Hey @firas_zoom,

Sorry for the late reply, as I am not getting a notification whenever a new comment pops up. You can refer to this link for a quick comparison of the two SDKs. As for generating a Zoom meeting, there needs to be a host in order to create a Zoom meeting, so either the host needs to create it or it can be done through our API here.

Let me know if you need more information.

Thank you.