We installed the indico-plugin-vc-zoom (version 3.3.1) on our Indico (version 3.3.5). We selected the scopes meeting:read:admin, meeting:write:admin and user:read:admin for the Zoom Server-to-Server OAuth app, according to https://pypi.org/project/indico-plugin-vc-zoom/.
With this it possible to create new Zoom meetings from Indico. But when trying to update or delete meetings, adding exiting Zoom meetings to an event or cloning an event including a Zoom meeting errors occur. The errors suggest that the scopes meeting:update:meeting:admin and meeting:delete:meeting:admin are also required for the OAuth App.
Is this true or did we miss something else in the configuration?
Maybe something changed recently for newer apps? At least for us, the documented scopes work fineā¦
Digging in the documentation of Zoom we found that Zoom indeed changed the scopes for OAuth apps: Internal apps - OAuth scopes - Zoom Developers
Existing apps continue to use the previously available scopes (probably the situation at CERN and elsewhere), while newly created apps have to use the new so-called granular scopes.
According to our tests the following granular scopes are needed to get full functionality of the Indico Zoom plugin:
meeting:read:meeting:adminmeeting:write:meeting:adminmeeting:update:meeting:adminmeeting:delete:meeting:adminuser:read:user:admin
And for webinars probably (not tested by us):
webinar:read:webinar:adminwebinar:write:webinar:adminwebinar:update:webinar:adminwebinar:delete:webinar:admin
I.e. the old write scopes are split in three for creation (write), editing (update) and deletion(delete).