Request user authorization PKCE
Step 1: Request User Authorization
Zoom supports Proof Key for Code Exchange (PKCE) when requesting user tokens. This offers better security by enabling clients to use a code challenge and code exchange as part of the initial user authorization request. See rfc7636 for more information.
Option 1: via Manual Header
To use this feature, send the
code_challenge
field and optional
code_challenge_method
field in Params in the user Authorization request. Then send the
code_verifier
field in the
POST Request access token PKCE
request params.
If Zoom verifies that the
code_challenge
and the
code_verifier
values match, the token endpoint continues processing. If they do not match, you will receive an
invalid_grant
error.
Option 2: via Auth Helper
Use the Authorization tab to both authorize and retrieve the access token with PKCE. Everything has been configured for you.
Developer Documentation:
Request Params
| Key | Datatype | Required | Description |
| response_type | string | | |
| client_id | string | | OAuth application's Development or Production Client ID. |
| redirect_uri | string | | URI to handle successful user authorization. Must match with Development or Production Redirect URI in your OAuth app settings.
|
| state | null | | (Optional) An opaque value that you can use to maintain state between the request and callback. The authorization server appends the state value to the redirect URI. This is also useful to prevent cross-site request forgery. |
| code_challenge | null | | Required for PKCE. A challenge derived from the code verifier sent in the authorization request to verify against the code_verifier later. |
| code_challenge_method | string | | Optional. A method that was used to derive the code challenge. Defaults to "plain" if not present in the request. Code verifier transformation method is "S256" or "plain".
|
HEADERS
| Key | Datatype | Required | Description |
RESPONSES
status: ``