cancel
Showing results for 
Search instead for 
Did you mean: 

Zoom JWT app deprecation

Ashwin95
Participant
Participant

Hi 


Wanted to know is there any deprecation plan for JWT APP.  Will it be deprecated in some time ?

If yes, how will it affect the existing JWT based apps we use.

 

 

2 ACCEPTED SOLUTIONS

Hi @FilipErni 

Correct. You will want to begin making plans to transition to S2S OAuth. 

https://marketplace.zoom.us/docs/guides/build/server-to-server-oauth-app/

View solution in original post

alexisbrown
Community Moderator | Employee
Community Moderator | Employee

As of July 20th, 2022, the reply authored by @kenny from June 2nd, 2022 is the latest and correct answer. 

 

Thank you!

Alexis

Zoom Community Moderator

View solution in original post

21 REPLIES 21

RN
Community Moderator | Employee
Community Moderator | Employee

Hi @Ashwin95, there are no plans to deprecate JWT. 🙂

⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯
Zoom Community Moderator
he/him/his

Have you heard about Zoom AI Companion? ➡️ Check it out!

Hi,

 

As @kolydart mentioned, Zoom sent an email stating that JWT apps will depreciate.

 

If I created an SDK app type in zoom marketplace and I'm generating the signature using JWT, does it mean that this method of generating a signature will depreciate in JUNE 2023?

 

I'm creating a JWT like it is described here:https://marketplace.zoom.us/docs/sdk/native-sdks/auth/#generate-the-sdk-jwt

Hi @FilipErni 

Correct. You will want to begin making plans to transition to S2S OAuth. 

https://marketplace.zoom.us/docs/guides/build/server-to-server-oauth-app/

Hi Kenny,

sorry for this intrusion, but it is one of the few posts on this topic and I try to ask for information here:

We have created a collaboration application that embeds zoom
and at the moment everything works perfectly.
The application provides access for some guests to the room of the account without the 
authentication of the main user, but only with the same room credentials for all the guests.

The authentication of the organizer is done with another app on our server.

Can you tell me how deprecating JWT will impact room access for a guest?

Thanks in advance,

 

Laura

How do I determine if I need to transition or if our account uses the JWT?

 

@Ginni Log onto the Zoom App Marketplace from your company's Admin or Developer account and select Manage. You will see a list of Created Apps with their status and type listed. If you have any JWT apps it will be clear from this list. 

kenny_0-1684274212043.jpeg

 

Hello

But with the new transition we don't get the Zoom api key and Zoom secret key

How are we going to use this is our websites?

Because it only gives Account ID, Client ID and Client secret which is not the same as above

 

Please advice

Thanks

 

Rather than building a S2S outh app, can we not use the LTI Pro app instead to integrate with an LMS, in our case Moodle?

kolydart
Newcomer
Newcomer

In the 5/21 newsletter distributed by zoom, a related announcement is mentioned:

 


JWT apps to be deprecated June 2023

The JWT app type will be completely deprecated as of June 2023. New and current users have 12 months to migrate their JWT based solutions to the Server-to-Server OAuth app type.

ction recommended: Create Server-to-Server OAuth app types to replace existing JWT app types. See the Changelog for details.


Changelog does not contain any related info. I dont' know what's going on.

alexisbrown
Community Moderator | Employee
Community Moderator | Employee

As of July 20th, 2022, the reply authored by @kenny from June 2nd, 2022 is the latest and correct answer. 

 

Thank you!

Alexis

Zoom Community Moderator

Matt8
Explorer
Explorer

Is there a deadline for switching to OAuth? I understand JWT will be deprecated but in my understanding, that is not the same thing as "stops working."

kenny
Zoom Employee
Zoom Employee

Thank you for your question, @Matt . 

The JWT app type will be deprecated June 1, 2023. After this date, you will no longer be able to use your JWT apps (they will stop working).

We recommend that you create Server-to-Server OAuth or an OAuth app to replace the functionality of a JWT app in your account.

See the FAQ for details.

Zoom Rooms customers who are using the Zoom Rooms JSON RPC web API should migrate to the equivalent REST API's. Documentation can be found here.

Customers using the Zoom for Salesforce app should migrate to OAuth as soon as possible. Migration instructions are available here.

@kenny just to triple confirm. I see @kolydart 's post that quotes an email from Zoom saying:


The JWT app type will be completely deprecated as of June 2023. New and current users have 12 months to migrate their JWT based solutions to the Server-to-Server OAuth app type.

 

That email from Zoom makes us think there is  a 12-month window starting in June 2023. However you said that the JWT apps will stop working on June 1, 2023. Which is it?

 

kenny
Zoom Employee
Zoom Employee

Confirmed with our Dev team that the deprecation date is indeed June 1, 2023 - there is no 12-month migration window. 

I am happy to chat directly with you on this - feel free to PM me

Thank you for clarifying.

Does the private message offer still stand, Kenny?  I'm not exactly sure how to do that on this platform?

My product has some questions about the migration after going through the articles & documentation.

For sure - happy to help if I am able.

@kenny  - the instructions for creating an Oauth app include "6. If you have the role permission to add scopes, add any scopes that you’d like to enable."

 

In our testing, we did not add scopes, and it worked. Is this expected?

 

kenny
Zoom Employee
Zoom Employee

@Matt8 consulted a colleague on this one, so credit goes to them for this answer.

Yes, that is expected. What you will see however is in the returned JSON the scope param will be NULL -  as in the example below. Yes, you have an access token, but using it with an API will return a 401 unauthorized or invalid token depending on the endpoint. 

 

{
 "access_token": "eyJzdiI6IjAwMDAwMSIsImFsZyI6IkhTNTEyIiwidiI6IjIuMCIsImtpZCI6ImUzNGExZjg5LTdkOGUtNGU1YS1iZmVjLTY0OGNkZjkxM2E3MiJ9.eyJhdWQiOiJodHRwczovL29hdXRoLnpvb20udXMiLCJ1aWQiOiJhQk0zT0FPVVNkMmtNNlBjZjdKa2lBIiwidmVyIjo5LCJhdWlkIjoiZmMwYjEyZjZmMGM2ZGIxOWZlNzYzN2FiMjE3NTAwMjEiLCJuYmYiOjE2ODQxNzc3NzksImNvZGUiOiJBWjl3ejA4MVR5ZWdVREZVSFFnWEVnSFhLaUFwRDkzUzkiLCJpc3MiOiJ6bTpjaWQ6dnVjd3Mzb1FXbWNTWTJsS3N3Zmh3IiwiZ25vIjowLCJleHAiOjE2ODQxODEzNzksInR5cGUiOjMsImlhdCI6MTY4NDE3Nzc3OSwiYWlkIjoiYUtURl8wODNTcWkyQXd6YnZoRDNydyJ9.rmnzXA74WCAkY4_QRSir9Oc9S4tJL4Isn2wxffvvqA2lHFC4fseqN94DUiXjYt7_kXyYzDyjNxSL6Pgh9oC8tg",
 "token_type": "bearer",
 "expires_in": 3599,
 "scope": ""
}

 


 https://developers.zoom.us/docs/internal-apps/s2s-oauth/#get-a-new-access-token

It appears you have completed the first step - get credentials - step 2 would be to use those credentials to do some action on the API.

You cannot move to step 2 because you currently have no permission in the token you get (scopes). Once a scope is assigned, and you generate a token that has that scope, you can use it to call the API and do some action.

@kenny - we were previously able to push meeting registrations to the API without setting any scopes. I know in your prior update you said it was required, however as I had said, we found it wasn't required.  Now, we are unable to push. We receive the error about invalid credential.

 

How do we determine which scopes are needed?

kenny
Zoom Employee
Zoom Employee

Hi Matt - Have you by chance seen this doc? It provides a breakdown of all the available OAuth scopes and their associated APIs.