It’s always hard to nail the exact sequence when authorizing through a new API. Here’s what I came up with for PHP authorization with Zoom’s JWTs. This is essentially a quick start which gets you enough functions to do a first API call: to list zoom users. Line 40->68 is where the JWt meat happens.
<?php // config parameters you need to define define( 'ZOOM_TOKEN_FILE', "/var/.zoom_token" ) ; // some location on the filesystem used to cache your token while it's current (make sure permissions are restrictive) define( 'ZOOM_API_KEY', "" ) ; define( 'ZOOM_API_SECRET', "" ) ; // main print_r( zoom_list_users() ) ; exit( 0 ) ; // functions function zoom_list_users() { $users = array() ; $page_number = 1 ; $keep_going = true ; while( $keep_going && $page_number<10000 ) { $result = zoom_make_api_call( "GET", "https://api.zoom.us/v2/users", array('page_size'=>300, 'page_number'=>$page_number, 'status'=>"active") ) ; $result = json_decode( $result, true ) ; if( array_key_exists('users', $result) && count($result['users'])>0 ) { foreach( $result['users'] as $user ) { $users[] = $user ; } $page_number++ ; if( $page_number>$result['page_count'] ) { $keep_going = false ; } } else { $keep_going = false ; } } return $users ; } // PHP's default base64 encode isn't URL safe which messes up the JWT, we need these functions instead function base64_url_encode( $data ) { return rtrim( strtr(base64_encode($data), '+/', '-_'), '=' ) ; } function base64_url_decode( $data ) { return base64_decode( str_pad(strtr($data, '-_', '+/'), strlen($data) % 4, '=', STR_PAD_RIGHT) ) ; } function get_token( $refresh=false ) { if( $refresh===false && file_exists(ZOOM_TOKEN_FILE) ) { return file_get_contents( ZOOM_TOKEN_FILE ) ; } $jwt_request_date = @date( "U" ) ; // no warning, proper system timezone assumed $jwt_expiration_date = $jwt_request_date + 60*60 ; # +1 hour $jwt_header = '{"alg":"HS256","typ":"JWT"}' ; $jwt_claim_set = '{"iss":"' . ZOOM_API_KEY . '","exp":' . $jwt_expiration_date . '}' ; $jwt_signature = sign_data( base64_url_encode($jwt_header) . '.' . base64_url_encode($jwt_claim_set), ZOOM_API_SECRET ) ; $jwt = base64_url_encode( $jwt_header ) . "." . base64_url_encode( $jwt_claim_set ) . "." . base64_url_encode( $jwt_signature ) ; file_put_contents( ZOOM_TOKEN_FILE, $jwt ) ; return $jwt ; } function sign_data( $data, $key ) { return hash_hmac( "SHA256" , $data, $key, true) ; } function zoom_make_api_call( $request, $url, $get_variables=null, $post_variables=null, $force_refresh_token=false ) { $ch = curl_init() ; $token = get_token( $force_refresh_token ) ; $getfields = "" ; if( $get_variables!==null && is_array($get_variables) ) { foreach( $get_variables as $get_variable_key=>$get_variable_value ) { $getfields .= "&" . urlencode( $get_variable_key ) . "=" . urlencode( $get_variable_value ) ; } if( strlen($getfields)>0 ) { $getfields = "?" . substr( $getfields, 1 ) ; } } curl_setopt( $ch, CURLOPT_URL, "{$url}{$getfields}" ) ; curl_setopt( $ch, CURLOPT_PORT , 443 ) ; curl_setopt( $ch, CURLOPT_CUSTOMREQUEST, $request ) ; curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ) ; if( $post_variables!==null && is_array($post_variables) ) { $postfields = "" ; foreach( $post_variables as $post_variable_key=>$post_variable_value ) { $postfields .= "&" . urlencode( $post_variable_key ) . "=" . urlencode( $post_variable_value ) ; } $postfields = substr( $postfields, 1 ) ; curl_setopt( $ch, CURLOPT_POSTFIELDS, $postfields ) ; } else if( $post_variables!==null && is_string($post_variables) ) { curl_setopt( $ch, CURLOPT_POSTFIELDS, $post_variables ) ; } curl_setopt( $ch, CURLOPT_HTTPHEADER, array( "authorization: Bearer {$token}", "content-type: application/json") ) ; curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 ) ; curl_setopt( $ch, CURLOPT_HEADER, true ) ; $response = curl_exec( $ch ) ; curl_close( $ch ) ; $response = parse_http_response( $response ) ; if( $response['code']=="200" || $response['code']=="204" || $response['code']=="404" ) { return $response['body'] ; } else if( $response['code']=="401" ) { // expired token if( $force_refresh_token===false ) { // safe to recurse return zoom_make_api_call( $request, $url, $get_variables, $post_variables, true ) ; } else { echo "ERROR: had an expired token and I tried to refresh it, yet somehow it's still expired\n" ; print_r( $response ) ; exit( 1 ) ; } } else { echo "ERROR: I have no idea what to do with this response from Zoom\n" ; print_r( $response ) ; exit( 1 ) ; } } function parse_http_response( $raw_data ) { $parsed_response = array( 'code'=>-1, 'headers'=>array(), 'body'=>"" ) ; $raw_data = explode( "\r\n", $raw_data ) ; $parsed_response['code'] = explode( " ", $raw_data[0] ) ; $parsed_response['code'] = $parsed_response['code'][1] ; $i = 1 ; if( $parsed_response['code']=="100" ) { $parsed_response['code'] = explode( " ", $raw_data[2] ) ; $parsed_response['code'] = $parsed_response['code'][1] ; $i = 3 ; } for( ; $i<count($raw_data) ; $i++ ) { $raw_datum = $raw_data[$i] ; $raw_datum = trim( $raw_datum ) ; if( $raw_datum!="" ) { if( substr_count($raw_datum, ':')>=1 ) { $raw_datum = explode( ':', $raw_datum, 2 ) ; $parsed_response['headers'][strtolower($raw_datum[0])] = trim( $raw_datum[1] ) ; } else { echo "ERROR: we're in the headers section of parsing an HTTP section and no colon was found for line: {$raw_datum}\n" ; exit( 1 ) ; } } else { // we've moved to the body section if( ($i+1)<count($raw_data) ) { for( $j=($i+1) ; $j<count($raw_data) ; $j++ ) { $parsed_response['body'] .= $raw_data[$j] . "\n" ; } } // we don't need to continue the $i loop break ; } } return $parsed_response ; } ?>
Thank you! I’ve been racking my head on getting the JWT portion sorted, and I didn’t want to use a library just to do it.