Choose and troubleshoot Zoom OAuth settings, scopes, and token refresh behavior.
The material indicates this is essentially a reference/documentation skill for Zoom OAuth, and the system marks it as prompt-only with no declared secrets, remote endpoints, or local execution. Overall risk is low, though it discusses OAuth credentials and token lifecycle, so real secrets should still not be exposed in chats.
The material is an authentication reference. The README mentions Client ID, Client Secret, and Account ID as Zoom OAuth prerequisites, but the skill itself does not declare any environment variables or a mechanism to collect, store, transmit, or misuse credentials.
No remote endpoints are declared, and the system marks it as prompt-only. The Zoom Marketplace link appears only as documentation; there is no evidence this skill sends user data to any third-party service.
As a reference-style skill, the material does not describe launching local processes, executing scripts, installing dependencies, or invoking system capabilities; based on the facts provided, there is no code-execution surface.
It does not declare the ability to read or write local files, databases, browser sessions, or Zoom account data. The content is primarily about OAuth flows, scopes, and troubleshooting, with no indicated data-access permissions.
The source is an open-source GitHub repository, which materially lowers risk because it is auditable. However, the license is unspecified, community adoption is 0 stars, and maintenance status is unknown, so supply-chain trust still warrants caution, though not enough to make it high risk.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "zoom-oauth" skill from askskill: 1. Download https://raw.githubusercontent.com/anthropics/knowledge-work-plugins/main/partner-built/zoom-plugin/skills/oauth/SKILL.md 2. Save it as ~/.claude/skills/oauth/SKILL.md 3. Reload skills and tell me it's ready
I am designing authentication for a Zoom integration. Recommend the right OAuth grant type for this scenario: an enterprise admin installs the app once, and then the app accesses meetings and user information for that account. Explain suitable options, pros, cons, and caveats.
A recommendation for the best grant type, with rationale and implementation caveats.
I am building a Zoom app that needs to read meeting lists, create meetings, and access recordings. Help me identify the required scopes, organize them using least-privilege principles, and flag any scopes that may require extra review or hurt installation conversion.
A suggested scope set with least-privilege guidance and review-risk notes.
My Zoom OAuth integration has been frequently failing during refresh token requests. Give me a systematic troubleshooting checklist covering common causes, log checkpoints, request parameter validation, and how to distinguish configuration errors, token expiration, and app permission issues.
A structured troubleshooting checklist to quickly isolate Zoom OAuth refresh token issues.
Background reference for Zoom auth and token lifecycle behavior. Prefer setup-zoom-oauth first, then use this skill for the exact flow, scope, and error details.
Authentication and authorization for Zoom APIs.
For comprehensive guides, production patterns, and troubleshooting, see Integrated Index section below.
Quick navigation:
| Use Case | App Type | Grant Type | Industry Name |
|---|---|---|---|
| Account Authorization | Server-to-Server | account_credentials | Client Credentials Grant, M2M, Two-legged OAuth |
| User Authorization | General | authorization_code | Authorization Code Grant, Three-legged OAuth |
| Device Authorization | General | urn:ietf:params:oauth:grant-type:device_code | Device Authorization Grant (RFC 8628) |
| Client Authorization | General | client_credentials | Client Credentials Grant (chatbot-scoped) |
| Term | Meaning |
|---|---|
| Two-legged OAuth | No user involved (client ↔ server) |
| Three-legged OAuth | User involved (user ↔ client ↔ server) |
| M2M | Machine-to-Machine (backend services) |
| Public client | Can't keep secrets (mobile, SPA) → use PKCE |
| Confidential client | Can keep secrets (backend servers) |
| PKCE | Proof Key for Code Exchange (RFC 7636), pronounced "pixy" |
┌─────────────────────┐
│ What are you │
│ building? │
└──────────┬──────────┘
│
┌────────────────────┼────────────────────┐
│ │ │
▼ ▼ ▼
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ Backend │ │ App for other │ │ Chatbot only │
│ automation │ │ users/accounts │ │ (Team Chat) │
│ (your account) │ │ │ │ │
└────────┬────────┘ └────────┬────────┘ └────────┬────────┘
│ │ │
▼ │ ▼
┌─────────────────┐ │ ┌─────────────────┐
│ ACCOUNT │ │ │ CLIENT │
│ (S2S OAuth) │ │ │ (Chatbot) │
└─────────────────┘ │ └─────────────────┘
│
▼
┌─────────────────────┐
│ Does device have │
│ a browser? │
└──────────┬──────────┘
│
┌───────────────┴───────────────┐
│ NO YES│
▼ ▼
┌─────────────────────────┐ ┌─────────────────┐
│ DEVICE │ │ USER │
…
Review an analysis for methodology, accuracy, bias, and evidence support.
Generate people analytics reports on headcount, attrition, diversity, and org health.
Identify, categorize, and prioritize technical debt for smarter refactoring decisions.
Choose the right Zoom surface for a product use case with clear tradeoffs.
Turn an approved brief into social assets, copy, and a staged campaign.
Create stakeholder updates tailored to audience, cadence, and communication goals.
Get shared Zoom platform guidance for auth, scopes, app models, and routing.
Set up Zoom OAuth correctly, including scopes, tokens, and auth troubleshooting.
Build in-client web app features with the Zoom Apps SDK.
Build Zoom Phone integrations, call workflows, and telephony automation features.
Implement Zoom Meeting SDK joins, auth flows, and platform-specific integrations.
Configure Zoom webhooks for subscriptions, signature checks, event handling, and retries.