Labsco
openai logo

zoom-oauth

✓ Official4,081

by openai · part of openai/plugins

Use when implementing OAuth.

🧩 One of 7 skills in the openai/plugins package — works on its own, and pairs well with its siblings.

This is the playbook your agent receives when the skill activates — you don't need to read it to use the skill, but it's here to audit before installing.

Zoom OAuth

Use this skill for concrete Zoom authentication implementation and troubleshooting. Prefer setup-zoom-oauth for the first-pass setup plan, then return here for exact flows, scope behavior, refresh handling, and error diagnosis.

Workflow

  1. Identify the app type and actor: user-level OAuth, account-level OAuth, server-to-server OAuth where officially supported, SDK JWT, or Build-platform credentials.
  2. Confirm the target API, SDK, or app surface, because scopes and token audiences differ by surface.
  3. Choose the grant flow: authorization code with PKCE for public clients, authorization code for confidential web apps, device authorization where appropriate, or account credentials for supported account-level automation.
  4. Store refresh tokens as single-use values: persist the replacement refresh token returned by each refresh response before reusing the old one.
  5. Validate requests against redirect URI, account ID, scopes, app publication state, and token expiration before changing application code.
  6. For local development, keep access tokens out of logs and treat refresh tokens as single-use when rotating credentials.

References