Anything that would cause all Refresh tokens for a user-level app to go bad?

(Not sure if the API forum or this forum would be best but let’s try this one.)

We have our own integration to Zoom via Oauth so we register an App on Marktetplace that is not distributed and then use the client key and secret and have our own page to authenticate. It’s a User-level app and we save the Access Token and Refresh Token in a database for each User.

In the last couple days about a dozen and half users got an error trying to refresh tokens. So, it would appear that something invalidated all the refresh tokens we had stored for these users. They were able to reauthenticate and start working again.

Does anyone know of anything that could invalidate all the tokens for a user-level app?

Does anyone know if there’s any kind of logging on the Zoom side that could provide as to when tokens become invalid or there’s failure to refresh for some reason?

I am not sure if Zoom tracks anything on their side, but I can speak on my experience here.

When two users log in using the same Zoom credentials, the old refresh_token is then invalidated and will not work. Thinking in this way, it is possible that multiple users are sharing a single Zoom login to authenticate.

That’s the scenario we bumped in to. Maybe it helps!

1 Like

Hey @kkoellner,

We can look at the logs if you provide us your App Name for your OAuth app.

As @edu_dev4 said, a common reason access and refresh tokens become invalidated is if one of your users Logs into Zoom for your app on another device.