I have been able to make it work ONLY adding pippo@disney.com as a User under my Zoom account giorgio.pieretti@un.org … BUT this becomes a big limitation in the plugin: pippo@disney.com account’s is no more “independent” and will rely on my subscription license and priviledges I assign to him…
So they were not in the same Zoom account as you originally wrote (unless I misunderstood “same Indico and Zoom account”)? The plugin does not support mixing Zoom accounts. Of course anyone can connect to a meeting, but only people who are a member of the Zoom account that is configured in the plugin can be a host…
Yep, “same Indico and Zoom account” was related to the Email pippo@disney.com , sorry I badly explained.
OK, so what I understood is correct: pippo@disney.com MUST be managed by giorgio.pieretti@un.org in Zoom.
That’s a big limitation.
It can be overtaken by moving the configuration from the plugin section to a user configuration section, so for each user we can send custom API KEYs… do you think it make sense?
I think it adds a lot of complexity… so not sure if it’s something we’d want to maintain. And asking users to provide rather sensitive zoom credentials to Indico… doesn’t sound appealing. And Zoom OAuth has the disadvantage of expiring tokens, so if we miss even one refresh for whatever reason, the user would need to do the OAuth flow again!
Just wondering, what’s the usecase of having hosts that do not belong to the same Zoom account as your own organization? Isn’t it typical that a Zoom meeting on Indico instance X is hosted by someone from organization X?
Correct, but organization X for us can be UNCTAD, UNECE, OHCHR… so I can create an account in Zoom as giorgio.pieretti@un.org to generate API keys and connect Indico and Zoom apps, but then all other organizations should have their own Zoom independent license and total control.
This way instead, we have to ask them be under our UN account (giorgio.pieretti@un.org).
It’s not also very clear to me if they can be under my free account, but buy a PRO license that will allow bigger zoom meetings and without time limitation…
So you do not have a single Zoom account for the UN?
A possible option could be to support multiple Zoom accounts on the admin level - so as an admin you would add multiple sets of credentials, and then when creating a Zoom meeting, you would need to choose the Zoom account under which it gets created (this could of course not be changed afterwards, and probably making someone who’s not on the same Zoom account host/co-host would not work).
Correct.
That’s the reason why I was suggesting to move the plugin configuration at User level:
If a User can add his own zoom API KEY, API Secret and Webhook token they can be used when querying Zoom instead of the defaults ones in plugin configuration.
Eventually, this can be done IF the User is listed under “Access - Manager” section of the Zoom plugin configuration in Indico, for a better control.
In case the User has not specified these settings, the plugin will fallback to default ones in Zoom plugin.
Sounds good?
I still do not think this is something that should be configured by anyone but Indico admins… IIRC. those Zoom API tokens give full access to the Zoom account as they cannot be scoped.
Probably in most cases there’s not just a single user from another Zoom account but many of them - and those tokens should absolutely NOT be shared among a larger user base!
One option that could work (would have to see if there are any issues with it):
- Keep the current single-zoom-account logic for the admin-level config
- When creating a Zoom meeting, give the user (if enabled in plugin settings) the choice to create the meeting under their own Zoom account; to do so they would need to do the Zoom OAuth flow.
Well, in our cases usually there is just one User per organization that will have an “official” Zoom account (payed license): one for UNCTAD, one for UNHCHR, and so on…
If they will need to go through the Zoom OAuth flow every time they create a new Zoom meeting in Indico, mmm… this will not easy their life.
I’m not scared of saving Zoom keys in the User module, but can be done also in the Category module, so all Events within a Category will use that API keys by default…keys accessible only by Category Manager…
You are aware that usually a single user cannot have multiple concurrent Zoom meetings, right? So while this seems to be a good way to save money on Zoom licenses (whether that’s ethical or not is a different topic), it won’t work unless you really only have one event at any time that needs to use Zoom.
You can do that of course - but I understood it as something you would like to have in the official Zoom plugin, and for that I’d rather not do this…
Maybe forking the Zoom plugin and adapting it for your - probably somewhat unusual - usecase wouldn’t be such a bad idea…
Sure, expecially at the beginning this will not be an issue, they will run just 1 Event at time. Then, each User will upgrade their own licence based on their needs… that’s why I would like to give them total independence from us.
Sure, I have many ways to to it by myself… I can fork or just customize what I need in our UN plugin, but I wanted to understand if that could be interesting for you and I could go for a PR upstream.
Ok, no problem! 
I’ll discuss this with the rest of team and decide what direction to take.
THANK YOU!
…and welcome back from your holidays! 