Bug with http:// redirect

Description/Error
When using an http (NOT https) redirect url, Zoom will change the redirect_uri param to https and then fail to redirect.

How To Reproduce
Steps to reproduce the behavior:

1. Setup an application with an http redirect e.g. http://localhost:3000/_/zoom_redirect
2. Make sure the user is logged out from Zoom
3. Start the Zoom Oauth Flow by redirecting the user to https://zoom.us/oauth/authorize?client_id=XXX&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2F_%2Fzoom_redirect&response_type=code&state=YYY
4. Login to Zoom with Google.
5. Get an Zoom error page (NB https):

Invalid redirect: https://localhost:3000/_/zoom_redirect (4,700)

This is hopefully only an issue for local development but is still pretty annoying!

Hey @ryan,

Can you try this to resolve the issue:

Let me know if this works!

Thanks,
Tommy

It definitely does work, but we’ve had some issues running all of our traffic over ngrok so we’re reserving it just for webhooks. Self-signed certs would also be a solution but a bit of a hassle to set up…

For the time being we’ll put up with the minor annoyance and we’ll look forward to a bug fix.

Hey @ryan,

I was able to reproduce the error. This only happens when signing in with Google. Like you said, it changes http to https.

We will work on fixing this. Thanks again for posting. JIRA: ZOOM-121664

Thanks,
Tommy

Hey @tommy,
This still seems to be an issue. Our redirect url is being changed from http://localhost to https://localhost. Any updates on this?

Hey @edward,

No updates, I would suggest using Ngrok.

I will keep you updated on when we are releasing a fix.

Thanks,
Tommy

Hey @tommy,

Yes, I saw that suggestion. Unfortunately, we deal with a large amount of traffic, and therefore using ngrok is not an ideal solution for us.

Edward

Hey @edward, we are working to make localhost redirect urls work.

Although, I was able to install the app successfully using http://localhost installing via the “Local Test” page and not using Google SSO.

Are you signing in with Google?

Thanks,
Tommy

Hey @tommy,

What do you mean by “Local Test”?
Re: using Google SSO- I am observing this as an issue for both Google SSO and for Zoom account logins.

Thanks,
Edward

Hey @edward,

“Local Test” as in:

Oh I see. The issue does not happen if you are already logged in to Zoom.

In the meantime, we are working on fixing the issue.

Thanks,
Tommy

Hi, I’m getting the same issue on my side. Do you have any update ?

Also, if my redirect url has 2 parameters, the last one is always deleted :
http://localhost/example.html?param1=blabla&param2=toto
becomes
https://localhost/example.html?param1=blabla&code=zoom_code

Hey @martin, thanks for posting and using Zoom!

No updates on this, we are still working on the issue.

As for the query params, that is intended functionality. Here is the proper way to add query params:

Thanks,
Tommy

I am having the same issue. Installing required certificates to use https seems quite tedious on a local development environment. Is there a way to redirect locally with out using https? Ngrock seems like a proprietary solution- is there an external solution that is not proprietary.

Hi @aurena, without the creation of your own redirect to localhost, using ngrok is our suggested local testing solution. We require all redirect URLs to be HTTPS.