Access and refresh token changes in V2

API and Webhooks
1

API Endpoint(s) and/or Zoom API Event(s)
https://marketplace.zoom.us/docs/guides/auth/oauth/

Description
I’ve noticed that the OAuth implementation has now changed from:

  1. Refresh tokens expiring after 15 years
  2. Only the latest refresh token is valid for use to obtain an access token (you cannot use a previously issued refresh token)
  3. Only the latest access token is valid for use (you cannot use a previously issued access token)

To:

  1. Refresh tokens expiring after 3 months
  2. You can seemingly use any refresh token issued as long as it’s within the expiry period (3 months)in order to get an access token
  3. You can seemingly use any accesstoken issued as long as it’s within the expiry period (1 hour) in to call an endpoint

So my question are as follows:

  1. Am I correct?
  2. Can the documentation be updated since it’s now incorrect: https://marketplace.zoom.us/docs/guides/auth/oauth/

Error?
N/A

How To Reproduce
Steps to reproduce the behavior:
Any access token/refresh token request to the token endpoint

2

@mark.walsh Hope you will be fine.

Yes :point_up_2:

3

I will need to wait for the official confirmation from a member of staff from Zoom…

4

@mark.walsh ,

Thank you for posting in the Zoom Developer Forum. I am not aware of this change but perhaps I missed it. Would you mind sharing the link to the source where you see the Refresh tokens now expires in three months? I will double-check on this internally and submit a documentation update request if needed

Refresh Tokens Expiration

image
image766×60 3.56 KB

5

@mark.walsh For :point_down:

It is 15 years. :point_down:

eg.

Screenshot 2023-01-12 at 7.45.06 PM
Screenshot 2023-01-12 at 7.45.06 PM1920×1104 161 KB

6

@donte.zoom We’re experiencing this as well. Is there any link to where this announcement was made?

This has effectively broken many of our authorized accounts prior to the switch.