API Endpoint(s) and/or Zoom API Event(s)
OAuth: https://zoom.us//oauth/authorize?response_type=code&client_id={clientId}&redirect_uri={redirectUri}
Revoke: https://zoom.us/oauth/revoke?token={accessToken}
Description
After revoke and re-authentication OAuth app does not appear in installed apps, causing issues with app management, permissions.
Background -
We have a Zoom app on the marketplace to support in-app Zoom for our mobile app.
We were implementing a solution to disconnect a user’s Zoom account from their mobile app account.
The solution added a disconnect button within the mobile app that calls the Zoom revoke endpoint with the access token and then deletes the token and Zoom user data from our database.
When we call the revoke endpoint, it removes the app from the installed page as expected, but two weird things happen after we try to re-authenticate the user (either right after, or a couple days later appear to yield the same result so it’s not simply a cache or delay while the Zoom system catches up).
- Zoom does not present the “allow” permissions screen with a list of scopes and instead just passes them through to the redirect url (which works correctly and a new access token is granted to our system). A little funny, but I could understand this on it’s own since we didn’t explicitly say the user revoked our permission, just the token.
- The real problem is that after re-authentication the app DOES NOT appear under installed apps. There does not appear to be a way for me to remove the app from my account anymore, and no way for my user to get out of this state.
Ideally we would be able to set up this disconnect button all in app programmatically, but if needed by Zoom we can instead direct users to the marketplace installed page so they can remove it there. However, my account and at least one other of my team’s accounts are currently in an apparent broken state which is becoming a testing blocker (I can not test the deauth callback from zoom because I cannot remove the app from my account).
I originally requested help in Zoom support, but they said they couldn’t help me and I should post here.
Error?
No error message - to summarize, The Zoom marketplace app is authenticated with my account, I can join meetings as myself in our mobile app, but our Zoom marketplace app doesn’t show up under added apps anymore, and I cannot remove permissions.
How To Reproduce
Steps to reproduce the behavior:
- At some point the user expresses they want to connect our app to their Zoom account, so we send them to our OAuth url -
https://zoom.us//oauth/authorize?response_type=code&client_id={clientId}&redirect_uri={redirectUri} - The user logs in and see’s the scopes of our app and presses allow
- The OAuth flow sends the user to our redirect url, where we finalize the auth and store their token.
- You can see the app is listed under Added apps on the zoom marketplace
- At some point the user expresses they want to disconnect our app, so we call the revoke endpoint
https://zoom.us/oauth/revoke?token={accessToken}with their access token and a Basic authorization header composed of our client id and secret - You can see the app is not listed under Added apps on the zoom marketplace anymore
- At some point the user expresses they want to connect our app to their Zoom account, so we send them to our OAuth url again -
https://zoom.us//oauth/authorize?response_type=code&client_id={clientId}&redirect_uri={redirectUri} - The user logs in if not already and does not see the scopes of our app and has not option to cancel, the OAuth flow sends the user right away to our redirect url, where we finalize the auth and store their token.
- You can see the app is not listed under Added apps on the zoom marketplace
- We do have a valid token for the Zoom user, so it is added to their account.