Account-Level OAuth App Getting Deactivated Regularly

API and Webhooks Authentication
1

API Endpoint(s) and/or Zoom API Event(s)
Link the API endpoint(s) and/orZoom API Event(s) you’re working with to help give context.

Description
Details on your question, workflow or the problem you’re trying to solve.
We have developed an Account-level OAuth app that retrieves meeting recordings from an organization. All of the normal authentication and authorization workflows work as expected, and we can see that new access_tokens are generated every hour using the refresh_tokens. So far so good!

However, intermittently (but eventually with all integrations) we get an invalid_grant error from Zoom. We haven’t been able to track down any rhyme or reason why this is happening, but it appears like it is happening when the initial Admin user who authorized the app signs into their normal account on Zoom desktop.

Error?
The full error message or issue you are running into, where applicable.
{“reason”:“Invalid Grant”,“error”:“invalid_grant”}

How To Reproduce
Steps to reproduce the behavior:

  1. Integrate our Account-level OAuth app as an admin user
  2. Make queries to the approved Zoom APIs without issue
  3. Wait an hour for the access_token to be refreshed using the refresh_token. All is still good!
  4. As the initial Admin user of Zoom, sign out of Zoom and/or sign-in again to Zoom Desktop app.
  5. Authentication with the app is broken and will return the error above.

Are there any known limitations with this? Is it ever expected that normal and completely unrelated authentication workflows with the approving-zoom-user would affect the integration status of an Account-level OAuth app?

Thank you in advance for your help, I truly appreciate it!

2

@jack_naro This is quite weird. I have seen another customer report similar issue. Can you email () the following information related to your app:

  1. App Name:
  2. App ID:
  3. App Client ID (Dev / Prod) :
  4. Email Id of the developer:
3

hi @jack_naro Thank you for emailing me the details. We were able to take a look at the logs. Upon checking it seemed like the issue happens because you are trying to get a new access token using an invalid (previously used) refresh token. I have requested our team to increase your token tolerance, which should be able to handle this issue. Please give us until Tuesday of next week to do this.

4

Hi @ojus.zoom, thanks for the update and for helping remedy this from your side. I’ll also definitely investigate our code to find out how/why we’re requesting an access token with an invalid refresh token.

If I can ask, to help us debug, was this a regular occurrence (i.e. we are consistently requesting with a previously used token) or intermittent one? Either way, we’ll track it down and get it fixed.

Thanks again,
Jack

5

We can only track data for the last 15 days