AZCHESS Zoom Integration - Test Plan (Marketplace Review)

1) Integration Summary

AZCHESS provides an in-app classroom UI where users connect their own Zoom account, create a Zoom meeting, and open/join the meeting inside AZCHESS. AZCHESS does not host Zoom media or bill users for Zoom usage.

OAuth is user-managed (authorization code flow). Meeting creation is performed with the authorized user's token against Zoom API, and meeting join is rendered with Zoom Meeting SDK.

2) Reviewer Credentials and Required Setup

2.1 AZCHESS Test Credentials

• AZCHESS Host user: asadov@javid.az
• AZCHESS Student user: asadov@javid.az
• Password: Yahoo1357!!!

2.2 Zoom Test Credentials

• Zoom Host account: asadov@javid.az
• Zoom Student account: asadov@javid.az
• Password: Yahoo1357!!!

2.3 Mandatory Reviewer Notes

• Authorization must use the Production Client ID.
• Direct landing page for integration: https://www.azchess.az/az/labs/study/classroom/coach/live
• For not-logged-in users, AZCHESS prompts login first, then returns to classroom.

3) Scope-to-Feature Mapping

Scope	Used Endpoint(s)	User-visible Feature	Required/Optional
meeting:write	POST /v2/users/me/meetings	Create Zoom meeting from AZCHESS classroom ("Create via Zoom API").	Required
user:read	GET /v2/users/me	Show linked Zoom profile metadata (display name/email) in UI.	Optional

If user:read is not granted, AZCHESS still works for meeting creation and join. Only profile display enrichment is reduced.

4) Step-by-Step Reviewer Flow

Flow A - OAuth Authorization and Link

1. Open https://www.azchess.az and sign in with AZCHESS host test user.
2. On desktop home, click Study beta and navigate to classroom live view: /az/labs/study/classroom/coach/live.
3. In "Zoom" section, click Connect Zoom.
4. Complete Zoom OAuth consent using Zoom host test account.
5. Return to AZCHESS and verify status shows Zoom account linked.

Expected: Link succeeds and linked identity is visible (when profile scope is granted).

Flow B - Create Zoom Meeting via API

1. From the same classroom panel, click Create via Zoom API.
2. Verify meeting URL and passcode are populated in form fields.
3. Click Save (if not already saved by flow).

Expected: Meeting is created under authorized Zoom host account and stored on classroom.

Flow C - Open/Join Meeting In-App

1. Click Open Zoom in class from classroom Zoom card.
2. Verify Zoom panel renders inside AZCHESS page (embedded mode).
3. Use fallback Open Zoom in new tab button to validate external join path.

Expected: In-app panel opens and user can join meeting with Zoom SDK flow.

Flow D - Student Join Experience

1. Open a separate browser/session, sign in as AZCHESS student test user.
2. Open student classroom live page: /az/labs/study/classroom/student/live.
3. Use Open Zoom in class on student side.

Expected: Student can join the class meeting from AZCHESS UI.

Flow E - Unlink / De-Authorization

1. In host classroom Zoom card, click Unlink Zoom.
2. Try Create via Zoom API again without reconnecting.

Expected: Unlinked state is shown and Zoom actions require re-link.

5) Optional Scope Test Matrix

Scenario	Granted Scopes	Expected Result
Least privilege	meeting:write	OAuth link + meeting creation + in-app join all work. Linked Zoom profile fields (email/display name) can be empty or limited.
Common mixed-optional scenario	meeting:write + user:read	All core features work, plus linked Zoom identity is shown in AZCHESS Zoom card.
Highest privilege (same as current maximum)	meeting:write + user:read	Same user-visible behavior as common scenario in current app version.

5.1 Detailed Instructions for Optional Scope Testing

1. Reset state: in AZCHESS classroom Zoom card, click Unlink Zoom.
2. Scenario A (Least privilege): authorize app with only meeting:write.
3. Validate Scenario A:
   • Connect Zoom succeeds.
   • Create via Zoom API succeeds and returns meeting URL/passcode.
   • Open Zoom in class works.
   • Linked identity metadata may be missing/limited (expected).
4. Unlink Zoom again.
5. Scenario B (Common mixed optional): authorize with meeting:write + user:read.
6. Validate Scenario B:
   • All Scenario A behavior still works.
   • Linked Zoom display name/email appears in AZCHESS Zoom section.
7. Scenario C (Highest privilege): same scope set as Scenario B for current app.
8. Validate Scenario C:
   • Behavior matches Scenario B (current app has no additional optional scope feature beyond user:read).

If any optional scope is denied by reviewer test account policy, AZCHESS should still keep core meeting creation/join functional with meeting:write.

6) Troubleshooting Notes for Reviewers

• If OAuth popup is blocked, allow popups for www.azchess.az.
• If token expired, reconnect Zoom from Connect/Reconnect Zoom.
• Use latest Chrome/Edge desktop for full in-app embed validation.