124 Forbidden when attempting to download cloud recordings

Description
When attempting to download meeting recordings I am getting a 124 Forbidden error. I am able to get the list of recordings associated with a meeting, however when I try to download them I get the error. As per the docs site I am appending ?access_token=<MY ACCESS TOKEN> to the url returned by the api

Error
{"status":false,"errorCode":124,"errorMessage":"Forbidden"}

Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth

Which Endpoint/s?

/meetings/{meetingId}/recordings

How To Reproduce (If applicable)

curl --request GET \
--url https://api.zoom.us/v2/meetings/9Tdc6KupQ8KFrO32dTd6cg==/recordings \
--header 'authorization: Bearer *******`

Truncated response:

{
  "uuid": "9Tdc6KupQ8KFrO32dTd6cg==",
  ...
  "recording_files": [
    {
      "id": "f9f8eb95-1553-4035-b88a-abce7cf4283a",
      "download_url": "https://us02web.zoom.us/rec/download/6517f7z6pz43G9GQswSDAvV8W461Jvqsg3NNr_Remku3W3NSNAeiNbdDYFnOUwFYYr9xnOqcgpRb4z0",
      "status": "completed",
      "recording_type": "shared_screen_with_speaker_view"
    ...
    }
  ]
}
curl "https://us02web.zoom.us/rec/download/6517f7z6pz43G9GQswSDAvV8W461Jvqsg3NNr_Remku3W3NSNAeiNbdDYFnOUwFYYr9xnOqcgpRb4z0?access_token=******"

Response:

{"status":false,"errorCode":124,"errorMessage":"Forbidden"}

Additional context
I believe the oauth roles granted to me by our integration are currently: recording:read and recording:write.

Hi @will1, do you have any account or group-level authentication requirements on your account? If you have Admin / Developer permission, can you use a JWT (instead of OAuth) to the end of this as the access token?

I’m having exactly the same problem! Thought I was going mad. Any further word @michael.harrington or @tommy?

Only happens with password-protected recordings. Including ?access_token=jwt

The jwt is an oauth user-level jwt with scope recording:read

Hi @james2, an OAuth access token is not an account-level JSON Web Token. Can you create a JWT app on the Marketplace, then use a JWT instead of OAuth?

My understanding was that JWT apps are for a totally different purpose to oauth apps. Do JWT apps have granular permission scopes, installable by non-admin users? I don’t want to ask large corp/edu institutions to give me permission to their entire accounts, and I don’t think they would even if I did. But even further still, my understanding was that a JWT app gives me permission to my own Zoom account, not connections between my product and other people’s Zoom accounts via the marketplace.

Hey @james2,

You are correct. That being said, OAuth apps will be able to download cloud recordings in a release this weekend. :slight_smile:

Thanks,
Tommy