Can't I set refresh token in URL query parameters?

kanata.koyama · February 6, 2023, 5:21am

API Endpoint(s) and/or Zoom API Event(s)
Link the API endpoint(s) and/orZoom API Event(s) you’re working with to help give context.

https://marketplace.zoom.us/docs/guides/auth/oauth/#refreshing-an-access-token

this is my api call

api endpoint: /oauth/token?grant_type=refresh_token&refresh_token=${refreshToken}`
method: POST
header: ‘Authorization’: ‘Basic ${base64 encoded from zoom app client id & client secret }’

Description
Details on your question, workflow or the problem you’re trying to solve.
I review my codes of zoom api call, because I got email about Zoom API Security Update. It says;

As a part of our continuing efforts to improve the security of Zoom OAuth App Types using Authorization flow, we are removing the ability to set the access tokens, refresh tokens and revoke tokens in the URL query parameters.

but this article says;

What happens if I fail to update my code?
Beginning February 14, 2023, any API request that is sent with the access token in the URL query parameters will fail.

My api call has refresh token in query parameters. Must I update api call? and if yes, how to update?

elisa.zoom · February 9, 2023, 9:26pm

Hi @kanata.koyama
Yes, you will need to update your call. This change will take effect on access_tokens, refresh_tokens and revoke_tokens.

Here is a link to our Docs that has examples on how to change this workflow:
https://marketplace.zoom.us/docs/guides/stay-up-to-date/announcements/#send-access_token-in-authorization-header-not-as-query-parameter

Hope this helps,
Elisa

kanata.koyama · February 11, 2023, 2:35pm

hi @elisa.zoom
thank you for reply! i tried our new api call with reference to this but finally got an unsupported_grant_type error… (same error as this)
Here is our api call

POST https://zoom.us/oauth/token

# Header
Authorization: Basic ${base64 encoded from zoom app client id & client secret }
Content-Type: application/x-www-form-urlencoded

# Request body
refresh_token: ${refreshToken}
grant_type: refresh_token

How can we fix it? or isn’t the new api call available yet?

kanata.koyama · February 13, 2023, 2:57am

ah sorry, Our api call for application/x-www-form-urlencoded was wrong formatted…
We fixed it! thanks!

elisa.zoom · February 13, 2023, 4:45pm

Good news! @kanata.koyama

Topic		Replies	Views
How do we stop using refresh_token in query parameters? API and Webhooks api	5	498	January 24, 2024
[Security Update] No token values in URL query parameters API and Webhooks	63	3595	February 26, 2024
Zoom API Security Update - Authorization Request Authentication api	2	308	January 26, 2023
What endpoints are included in the Feb 14th token deprecation? API and Webhooks	2	224	February 7, 2024
Zoom API Security Update - Removing Access Tokens from URL Query Parameters Authentication	3	402	February 8, 2023

Can't I set refresh token in URL query parameters?

Related Topics