Open spong opened 2 weeks ago
Hi @spong,
While creating the new Server-to-Server OAuth application permission, we now need to select the granular permissions https://developers.zoom.us/docs/integrations/oauth-scopes-overview/.
Here are the new permissions that you can use in place of the old ones:
Old Permissions (scopes) | New Permissions (granular scopes) |
---|---|
user:read:admin | user:read:list_users:admin |
meeting:read:admin | meeting:read:list_meetings:admin, meeting:read:list_past_participants:admin |
recording:read:admin | cloud_recording:read:list_user_recordings:admin |
chat_channel:read:admin | team_chat:read:list_user_channels:admin |
chat_message:read:admin | team_chat:read:list_user_messages:admin |
Thank you @moxarth-elastic -- I will give this a try later this week and report back
So yeah, looks like my developer account does not have access to those scopes:
I didn't see anywhere in the zoom docs where it mentions their admin features for limiting scopes of app developers. I will check with IT and see what they have to say on their end. With the scopes I currently have there's not much I can do with the connector unfortunately
I do have access to cloud_recording:read:list_account_recordings:admin vs cloud_recording:read:list_user_recordings:admin, so maybe I can at least sync recording information? Will the connector pull data for whatever scopes it has access to, or is its syncing hardcoded and reliant on these exact scopes?
Either way, we'll need to update the docs with the above granular scopes. Do we need to create another issue for that, or is that change made in the connectors repo?
> So yeah, looks like my developer account does not have access to those scopes: I didn't see anywhere in the zoom docs where it mentions their admin features for limiting scopes of app developers. I will check with IT and see what they have to say on their end. With the scopes I currently have there's not much I can do with the connector unfortunately

Seems like you don't have enough permissions to view these permissions. Refer to this for more info: https://developers.zoom.us/docs/internal-apps/#enable-the-server-to-server-oauth-role

> I do have access to cloud_recording:read:list_account_recordings:admin vs cloud_recording:read:list_user_recordings:admin, so maybe I can at least sync recording information?

I think you should give it a try since we didn't have a Pro account to test this. Apart from recordings, other objects are fetched and ingested successfully with the above-mentioned permissions.

> Will the connector pull data for whatever scopes it has access to, or is its syncing hardcoded and reliant on these exact scopes?

The connector requires a minimum scope of "user:read:list_users:admin" to fetch data, and once that scope is available, it can dynamically fetch data for additional scopes.

> Either way, we'll need to update the docs with the above granular scopes. Do we need to create another issue for that, or is that change made in the connectors repo?

The doc changes are yet to be done; once you verify the permissions from your end, we can ask @leemthompo to update the documentation.
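
A pre-flight check for the scope mapping and the minimum-scope behaviour described in the comments above, as an added example that is not part of the thread or the connector's code. It assumes the granted scopes are available as a space-delimited string, as in an OAuth 2.0 token response; `audit_scopes` and the report keys are hypothetical names.

```python
# Added example, not connector code. Scope names are taken from the table in
# this thread; the function name and report keys are hypothetical.

# Legacy scope -> granular scopes that replace it (from the table in this thread).
GRANULAR = {
    "user:read:admin": ["user:read:list_users:admin"],
    "meeting:read:admin": [
        "meeting:read:list_meetings:admin",
        "meeting:read:list_past_participants:admin",
    ],
    "recording:read:admin": ["cloud_recording:read:list_user_recordings:admin"],
    "chat_channel:read:admin": ["team_chat:read:list_user_channels:admin"],
    "chat_message:read:admin": ["team_chat:read:list_user_messages:admin"],
}
MINIMUM = "user:read:list_users:admin"  # per the thread, required to fetch any data


def audit_scopes(scope_string):
    """Compare granted scopes (space-delimited, RFC 6749) with the table."""
    granted = set(scope_string.split())
    legacy_names = set(GRANULAR)
    needed = {s for scopes in GRANULAR.values() for s in scopes}
    report = {
        "can_sync": MINIMUM in granted,
        "covered": [],   # legacy scopes fully replaced by granted granular ones
        "missing": {},   # legacy scope -> granular scopes still to be granted
        "legacy": sorted(granted & legacy_names),  # old-style names in the grant
        # Granted but not in the table: candidates for a least-privilege review.
        "excess": sorted(granted - needed - legacy_names),
    }
    for legacy, scopes in GRANULAR.items():
        absent = [s for s in scopes if s not in granted]
        if absent:
            report["missing"][legacy] = absent
        else:
            report["covered"].append(legacy)
    return report


if __name__ == "__main__":
    # Constructed sample: the account-level recording scope mentioned in the
    # thread plus one meeting scope, without the minimum user scope.
    sample = ("cloud_recording:read:list_account_recordings:admin "
              "meeting:read:list_meetings:admin")
    for key, value in audit_scopes(sample).items():
        print(f"{key}: {value}")
```
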
> The connector requires a minimum scope of "user:read:list_users:admin" to fetch data, and once that scope is available, it can dynamically fetch data for additional scopes.

Ok, this is good to know. I've asked IT to ensure this specific scope is enabled for my account. I tried again just in case and it's indeed failing on that initial https://api.zoom.us/v2/users?page_size=300 request:
Bug Description
In setting up the Zoom connector to test with the latest Security Assistant Knowledge Base features, it was noted that the scopes detailed in the Zoom connector documentation do not match any of the available scopes provided by Zoom.
Looking through the Zoom OAuth Scopes documentation, as far as I can tell this isn't a privilege issue on my end, but perhaps a compatibility change with the introduction of granular and optional scopes on 21-MAR-2024.
The required OAuth scopes detailed in our documentation are as follows:
And searching for any of these scopes in the Add Scopes interface when setting up your Zoom app will return no matches. E.g.
In going through all the scopes, the below are the best matches I could find to those recommended in the docs:
After completing the App configuration and activating the app, I created the Zoom connector in Kibana and while the sync was successful, it failed to sync any data. This is the output from the connector logs:
To Reproduce
Steps to reproduce the behavior:
Server-To-Server OAuth Zoom App as detailed in the Zoom connector docs
Scopes are different than detailed in docs, and select nearest matching scopes
Expected behavior
Environment
Running Kibana/ES/Connectors from source, on main branch.