SDK authorization and PKCE OAuth

The Meeting SDK for Unreal Engine contains a helper called ZM_INIT_PKCE_AUTH_WIDGET that demonstrates the initialization, authorization, and login process. It outlines the token generation processes and relevant wrapper functions.

ZM_INIT_PKCE_AUTH_WIDGET is provided as a tutorial only. Do not use it in any published application in the Zoom App Marketplace, because it directly receives the client ID and secret from the widget UI for demonstration purposes. The client ID and secret credentials should be either cryptographically secured on disk or secured remotely on a backend server.

For more information, see the Meeting SDK for Windows documentation for SDK authorization and OAuth.

Initialize and authorize the SDK

The Meeting SDK for Unreal contains several helper components for initializing and authorizing the SDK, including:

  • GenerateJWTAuthToken
    • Use the client ID and client secret to create a JWT for authorizing the SDK.
  • Execute SDKInit function
    • Initialize the SDK with certain parameters.
  • Execute SDK Auth JWT function
    • Authorize the SDK with a JWT token.
  • Execute SDK Cleanup function
    • De-initialize the SDK.
  • SDK Logout
    • De-authorize the SDK.
  • SDK Init and Auth
    • Combination function for initialization and authorization in a single step.
  • OnAuthenticationReturnDelegate_Event
    • Returns when the SDK is authenticated.

Complete a possible SDK initialization and authorization flow using these functions above.

  1. Use the client ID and client secret to create a JWT.
  2. Pass the JWT to the SDK Init and Auth function and execute the function.
  3. Bind an event to OnAuthenticationReturnDelegate and listen to the associated event to know when the function has successfully completed.

Until the SDK is both initialized and authorized, other functions won't execute successfully. To end use of the SDK, such as when exiting an Unreal simulation, deauthorize and clean up the SDK.

See ZM_INIT_PKCE_AUTH in the sample project assets for an example of SDK initialization and authorization in Unreal Blueprints.

Notice: It is prohibited to hardcode or otherwise insecurely store or access the client secret in published Marketplace applications.

PKCE OAuth

The Meeting SDK for Unreal has several helper components for completing a Proof Key of Code Exchange (PKCE) OAuth flow. Some of these are:

  • GeneratePKCEAuthPair
    • Use the client ID and redirect URL to create a UEAuth_Pair object.
  • UEAuth_Pair
    • An object containing an authorization URL and code verifier.
  • Base64Encode
    • Encodes a string into base64, which is helpful for building an authorization HTTP header with the client ID and client secret.

Complete a possible PKCE OAuth flow using these functions.

  1. Use the client ID and redirect URL to create a UEAuth_Pair.
  2. Have the user log in at the web address in the UEAuth_Pair's Auth URL component.
  3. Capture the code appended to the redirect URL after a successful login.
  4. Create an HTTP request to the Zoom OAuth token request API, incorporating the base64 encoding of the client ID and secret for the authorization header, the redirect URL, and the code verifier from the UEAuth_Pair.
  5. Use the OAuth Access token to request a ZAK token from the Meeting API.
  6. Use the ZAK token to join a meeting as a user by including it in the Execute join Zoom Meeting function.

See ZM_INIT_PKCE_AUTH in the sample project assets for an example of PKCE OAuth in Unreal Blueprints.

Notice: It is prohibited to hardcode or otherwise insecurely store or access the client secret in published Marketplace applications.