Client ID not being recognised

rich · August 28, 2019, 8:31am

Having added an App to the system and retrieved the Auth code, I can’t get a token to use as the system is returning a client ID error.

Which Endpoint/s?

oauth/token
grant_type=authorization_code
code=54iFI8I27C_XXXMxyKRRhOz1obX4Z0I6g
redirect_uri=https://dev.thetherapy.space/_ajax/?ajax_response=oauth&model=zoom&componentID=external_connections

The client ID and Secret are base64 hashed (client_id . ‘:’ . client_secret) and the only header is “Authorization”:Basic . $hash

This is using cURL in PHP if it makes a difference

returns
HTTP/1.1 100 Continue

HTTP/1.1 401 Unauthorized
Date: Wed, 28 Aug 2019 08:21:55 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: ZOOM
x-zm-trackingid: WEB_d5f3aafe93b2fc784b1061ed8c18b559
X-Content-Type-Options: nosniff
Set-Cookie: cred=0E89C2B4CDE5B873E544ED233290AB56; Path=/; Secure; HttpOnly
Set-Cookie: _zm_page_auth=aw1_c_sueHhOatS-Gu_B-DqBelEw; Domain=.zoom.us; Path=/; Secure; HttpOnly
p3p: CP=“NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM”
Set-Cookie: _zm_ssid=aw1_c_gWn3D1hhRW6ApD6HmLx6Ig; Domain=.zoom.us; Path=/; Secure; HttpOnly
Cache-Control: no-store
Pragma: no-cache

{“reason”:“Invalid client_id or client_secret”,“error”:“invalid_client”}’

Clearly something is wrong but I can’t see what

michael_p.zoom · August 28, 2019, 5:04pm

Hi @Rich,

Are you using your development or production OAuth credentials when trying to generate an OAuth access token? Have you followed our OAuth guide within our docs[1]?
Also, once your get your access code you can use Postman to generate an access token, just in case there is something wrong with your code.

1- https://marketplace.zoom.us/docs/guides/authorization/oauth/oauth-with-zoom

rich · August 30, 2019, 7:00am

We’re using the dev credentials. But have tried the production ones too with the same result
Postman doesn’t appear to be of use as it’s using JWT and we want to use OAUTH

michael_p.zoom · August 30, 2019, 3:55pm

Hi @rich,

For using development credentials, make sure to local test url. From there you should see the authorization screen.

Screen Shot 2019-08-30 at 8.45.16 AM.png688×811 36.6 KB
After you click Authorize, you will be redirected to your redirect url where you can use the OAuth Code.
Once you get OAuth code, you can go to Postman to request your Access token. To do so, here is an example url, make sure to replace code with your OAuth code and your redirect url with what you have listed in your marketplace app. Also, for username enter in your development client ID and for password, enter in your developer Client Secret.
https://zoom.us/oauth/token?grant_type=authorization_code&code=m-eQMGSPM-wGA3ANg&redirect_uri=https://zoom.us

Let me know if that helps!

Thanks

rich · September 2, 2019, 9:16am

Thanks for the help

Using Postman I am getting the following response:
{
“reason”: “Invalid request : Redirect URI mismatch.”,
“error”: “invalid_request”
}

Even though the redirecturl works for the auth code and is copied directly out of the app config?
Config redirect uri
https://dev.thetherapy.space/_ajax/?ajax_response=oauth&model=zoom&componentID=external_connections

URL is now : https://zoom.us/oauth/token?grant_type=authorization_code&code=6Y6x0lVGDt_XXXMxyKRRhOz1obX4Z0I6g&redirect_uri=https://dev.thetherapy.space/_ajax/?ajax_response=oauth&model=zoom&componentID=external_connections

Username AB_0J0tQA2pe5altgs7Ww
Pwd aaViFxDnrRC4PMjaNZEwo68iar7Axkq0
Auth header is : Authorization : Basic QUJfMEowdFFBMnBlNWFsdGdzN1d3OmFhVmlGeERuclJDNFBNamFOWkV3bzY4aWFyN0F4a3Ew

tommy · September 3, 2019, 3:59pm

Hey @rich,

I just tested and was able to reproduce your issue.

I believe the issue is having query params in the redirect url. Can you try removing them so your redirect url becomes https://dev.thetherapy.space/_ajax

https://zoom.us/oauth/token?grant_type=authorization_code&code=6Y6x0lVGDt_XXXMxyKRRhOz1obX4Z0I6g&redirect_uri=https://dev.thetherapy.space/_ajax

Let me know if that works!

Thanks,
Tommy

rich · September 4, 2019, 1:42pm

Thanks.

No. We can’t remove the query params, that’s how our system accepts call backs, otherwise you are probably behind a secure login.

However if the token request is only using the URI as validation we can give that a try, providing that we will never need to refresh the authorization code?

It seem odd that the URI works for supplying the auth code in the first place, and then fails when it is used again. We can’t be the first people to have query params in their redirect uri.

I will not be able to get to this until tommororw though, so will respond then.

tommy · September 4, 2019, 8:35pm

Hey @rich,

Here is whats happening, in your app dashboard you have
https://dev.thetherapy.space/_ajax/?ajax_response=oauth&model=zoom&componentID=external_connections
as your redirect url.

Then when you go to authorize your app:

https://zoom.us/oauth/token?grant_type=authorization_code&code=6Y6x0lVGDt_XXXMxyKRRhOz1obX4Z0I6g&redirect_uri=https://dev.thetherapy.space/_ajax/?ajax_response=oauth&model=zoom&componentID=external_connections

Zoom handles your &model=zoom&componentID=external_connections as the base URL’s query param, so Zoom is comparing

https://dev.thetherapy.space/_ajax/?ajax_response=oauth&model=zoom&componentID=external_connections

with

https://dev.thetherapy.space/_ajax/?ajax_response=oauth

hence you getting the error:

{
“reason”: “Invalid request : Redirect URI mismatch.”,
“error”: “invalid_request”
}

(I tested having the first query param of ?ajax_response=oauth works, but when you add another one with & it breaks.)

This is the case for most OAuth flows including Googles API. (Referencing this stack overflow answer)

That being said,

The correct way to do this, is to add a query param to the end of the authorization url itself, instead of the redirect url.

For example in my App Dashboard I have https://zoom.us as my redirect url, and then I added a &state=data query param to the auth url:

https://zoom.us/oauth/authorize?response_type=code&client_id={{ clientID }}&redirect_uri=https://zoom.us&state=somedata

This will take you to https://zoom.us/?code=zoiAoSEm98_KdYKjnimT4KPd8KKdQt9FQ&state=data.

Then when requesting an access_token, pass I pass in https://zoom.us as the redirect_url and it works.

https://zoom.us/oauth/token?code=zoiAoSEm98_KdYKjnimT4KPd8KKdQt9FQ&grant_type=authorization_code&redirect_uri=https://zoom.us

Let me know if this helps!

Thanks,
Tommy

rich · September 5, 2019, 8:47am

HI
Tried the suggest redirect uri.
and
https://dev.thetherapy.space/_ajax

And did finally get a valid response from Postman.

On second run got
{
“reason”: “Invalid request : token created error: Save Access token into Database error”,
“error”: “invalid_request”
}

I assume as I have a token and refresh token I can now use those to access the API.

rich · September 5, 2019, 9:52am

OK

So some progress. Using the retrieved refresh token a request to

Gives
“reason”: “Invalid Token!”, “error”: “invalid_request”

in code and in Postman?

Is this config on the zoom end?

tommy · September 5, 2019, 4:38pm

Hey @rich,

What do you mean “On second run”? Which endpoint are you calling?

And Yes once you have an access_token you can call the Zoom API’s. The access_token only lasts for an hour so once it expires, to get a new access_token, use your refresh token to do so.

POST https://zoom.us/oauth/token?grant_type=refresh_token&refresh_token={ REFRESH TOKEN }&redirect_uri={ REDIRECT URL }

Headers:

{
    "Authorization": "Basic base64Encoded({ ClientID }:{ ClientSecret })"
}

Thanks,
Tommy

tnv.9119 · March 30, 2020, 2:01pm

Hi, I still error
i’m using develop credentials

tnv.9119 · March 30, 2020, 2:16pm

And I use oauth2 of postman, it return token

tommy · March 30, 2020, 11:45pm

Hey @tnv.9119,

Please follow the OAuth guide here:

https://marketplace.zoom.us/docs/guides/auth/oauth

Thanks,
Tommy

rania.mohamed · April 4, 2020, 2:13pm

please I made all these steps but getting this error

Invalid client_id: (4,702)

my App Intent to publish option is false , I don’t want it to be in the marketplace , is it related to this error ?

tommy · April 6, 2020, 5:02pm

Hey @rania.mohamed,

Please share more details like what step in OAuth you are seeing this error.

Thanks,
Tommy

rania.mohamed · April 8, 2020, 3:55pm

hey @tommy
this happens when get Access token second step, this is my request with the generated code
https://zoom.us/oauth/token?redirect_uri=http%3A%2F%2Fsaharaschools.com&grant_type=authorization_code&code=niKEHgBGTx_XvIOzQwMQNW1r1UqIeUgGQ

tommy · April 8, 2020, 11:57pm

Hey @rania.mohamed,

Make sure to pass in the Basic Authorization header.

Authorization Header	Description
Authorization	The string “Basic” with your Client ID and Client Secret with a colon : in between, Base64 Encoded. For example, Client_ID:Client_Secret base64 encoded is Q2xpZW50X0lEOkNsaWVudF9TZWNyZXQ=

Thanks,
Tommy

rania.mohamed · April 9, 2020, 8:03am

hey @tommy,

yes I’m doing this , and this is my curl

–header 'Authorization: Basic

is anything related to the application itself?
settings or something I should do?

tommy · April 10, 2020, 6:54am

Hey @rania.mohamed,

Please double check you are using the correct client secret, it does not look right.

Thanks,
Tommy

Topic		Replies	Views
What should the Client ID and Client Secret be? API and Webhooks	2	2659	August 15, 2020
"Invalid client_id or client_secret" API and Webhooks	18	6922	December 7, 2021
Error:invalid_client API and Webhooks	7	2157	January 30, 2021
Invalid client_id or client_secret API and Webhooks	4	2269	November 9, 2020
"Invalid client_id or client_secret" Urgent help required. (I just need to get the API TOKEN) API and Webhooks	2	463	July 2, 2021

Client ID not being recognised

Related Topics