Client ID not being recognised

Having added an App to the system and retrieved the Auth code, I can’t get a token to use as the system is returning a client ID error.

Which Endpoint/s?


oauth/token
grant_type=authorization_code
code=54iFI8I27C_XXXMxyKRRhOz1obX4Z0I6g
redirect_uri=https://dev.thetherapy.space/_ajax/?ajax_response=oauth&model=zoom&componentID=external_connections

The client ID and Secret are base64 hashed (client_id . ‘:’ . client_secret) and the only header is “Authorization”:Basic . $hash

This is using cURL in PHP if it makes a difference

returns
HTTP/1.1 100 Continue

HTTP/1.1 401 Unauthorized
Date: Wed, 28 Aug 2019 08:21:55 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: ZOOM
x-zm-trackingid: WEB_d5f3aafe93b2fc784b1061ed8c18b559
X-Content-Type-Options: nosniff
Set-Cookie: cred=0E89C2B4CDE5B873E544ED233290AB56; Path=/; Secure; HttpOnly
Set-Cookie: _zm_page_auth=aw1_c_sueHhOatS-Gu_B-DqBelEw; Domain=.zoom.us; Path=/; Secure; HttpOnly
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Set-Cookie: _zm_ssid=aw1_c_gWn3D1hhRW6ApD6HmLx6Ig; Domain=.zoom.us; Path=/; Secure; HttpOnly
Cache-Control: no-store
Pragma: no-cache

{"reason":"Invalid client_id or client_secret","error":"invalid_client"}

Clearly something is wrong but I can’t see what

Hi @Rich,

Are you using your development or production OAuth credentials when trying to generate an OAuth access token? Have you followed our OAuth guide within our docs[1]?
Also, once you get your access code you can use Postman to generate an access token, just in case there is something wrong with your code.

1- https://marketplace.zoom.us/docs/guides/authorization/oauth/oauth-with-zoom


We’re using the dev credentials. But have tried the production ones too with the same result
Postman doesn’t appear to be of use as it’s using JWT and we want to use OAUTH

Hi @rich,

  1. For using development credentials, make sure to use the local test URL. From there you should see the authorization screen.

  2. After you click Authorize, you will be redirected to your redirect url where you can use the OAuth Code.

  3. Once you get OAuth code, you can go to Postman to request your Access token. To do so, here is an example url, make sure to replace code with your OAuth code and your redirect url with what you have listed in your marketplace app. Also, for username enter in your development client ID and for password, enter in your developer Client Secret.
    https://zoom.us/oauth/token?grant_type=authorization_code&code=m-eQMGSPM-wGA3ANg&redirect_uri=https://zoom.us

Let me know if that helps!

Thanks

Thanks for the help

Using Postman I am getting the following response:
{
"reason": "Invalid request : Redirect URI mismatch.",
"error": "invalid_request"
}

Even though the redirecturl works for the auth code and is copied directly out of the app config?
Config redirect uri
https://dev.thetherapy.space/_ajax/?ajax_response=oauth&model=zoom&componentID=external_connections

URL is now : https://zoom.us/oauth/token?grant_type=authorization_code&code=6Y6x0lVGDt_XXXMxyKRRhOz1obX4Z0I6g&redirect_uri=https://dev.thetherapy.space/_ajax/?ajax_response=oauth&model=zoom&componentID=external_connections

Username AB_0J0tQA2pe5altgs7Ww
Pwd aaViFxDnrRC4PMjaNZEwo68iar7Axkq0
Auth header is : Authorization : Basic QUJfMEowdFFBMnBlNWFsdGdzN1d3OmFhVmlGeERuclJDNFBNamFOWkV3bzY4aWFyN0F4a3Ew

Hey @rich,

I just tested and was able to reproduce your issue.

I believe the issue is having query params in the redirect url. Can you try removing them so your redirect url becomes https://dev.thetherapy.space/_ajax

https://zoom.us/oauth/token?grant_type=authorization_code&code=6Y6x0lVGDt_XXXMxyKRRhOz1obX4Z0I6g&redirect_uri=https://dev.thetherapy.space/_ajax

Let me know if that works!

Thanks,
Tommy


Thanks.

No. We can’t remove the query params, that’s how our system accepts call backs, otherwise you are probably behind a secure login.

However if the token request is only using the URI as validation we can give that a try, providing that we will never need to refresh the authorization code?

It seems odd that the URI works for supplying the auth code in the first place, and then fails when it is used again. We can’t be the first people to have query params in their redirect uri.

I will not be able to get to this until tomorrow though, so will respond then.

Hey @rich,

Here is what’s happening: in your app dashboard you have
https://dev.thetherapy.space/_ajax/?ajax_response=oauth&model=zoom&componentID=external_connections
as your redirect url.

Then when you go to authorize your app:

https://zoom.us/oauth/token?grant_type=authorization_code&code=6Y6x0lVGDt_XXXMxyKRRhOz1obX4Z0I6g&redirect_uri=https://dev.thetherapy.space/_ajax/?ajax_response=oauth&model=zoom&componentID=external_connections

Zoom handles your &model=zoom&componentID=external_connections as the base URL’s query param, so Zoom is comparing

https://dev.thetherapy.space/_ajax/?ajax_response=oauth&model=zoom&componentID=external_connections

with

https://dev.thetherapy.space/_ajax/?ajax_response=oauth

hence you are getting the error:

{
"reason": "Invalid request : Redirect URI mismatch.",
"error": "invalid_request"
}

(I tested having the first query param of ?ajax_response=oauth works, but when you add another one with & it breaks.)

This is the case for most OAuth flows including Google’s API. (Referencing this Stack Overflow answer)

That being said,

The correct way to do this, is to add a query param to the end of the authorization url itself, instead of the redirect url.

For example in my App Dashboard I have https://zoom.us as my redirect url, and then I added a &state=data query param to the auth url:

https://zoom.us/oauth/authorize?response_type=code&client_id={{ clientID }}&redirect_uri=https://zoom.us&state=somedata

This will take you to https://zoom.us/?code=zoiAoSEm98_KdYKjnimT4KPd8KKdQt9FQ&state=data.

Then when requesting an access_token, I pass in https://zoom.us as the redirect_url and it works.

https://zoom.us/oauth/token?code=zoiAoSEm98_KdYKjnimT4KPd8KKdQt9FQ&grant_type=authorization_code&redirect_uri=https://zoom.us

Let me know if this helps!

Thanks,
Tommy
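
Added example (not part of the original thread, and not Zoom's code): using Python's standard `urllib.parse` as a stand-in for a server-side query parser, it reproduces the truncated `redirect_uri` described above, shows that percent-encoding keeps the value intact, and moves the routing parameters into `state` with a nonce check on the callback. The function names, the `n` field and the sample code value are assumptions made for the illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

TOKEN = "https://zoom.us/oauth/token"
AUTHORIZE = "https://zoom.us/oauth/authorize"
# Redirect URL from the thread's app config
REGISTERED = ("https://dev.thetherapy.space/_ajax/?ajax_response=oauth"
              "&model=zoom&componentID=external_connections")

def seen_redirect_uri(url):
    """redirect_uri as a standard query-string parser extracts it."""
    return parse_qs(urlsplit(url).query)["redirect_uri"][0]

def pasted_token_url(code, redirect_uri):
    # As in the thread: the redirect URI is pasted in without encoding,
    # so its own '&' separators end the redirect_uri value early.
    return (f"{TOKEN}?grant_type=authorization_code"
            f"&code={code}&redirect_uri={redirect_uri}")

def encoded_token_url(code, redirect_uri):
    # urlencode percent-encodes '?', '&' and '=' inside each value.
    return TOKEN + "?" + urlencode({"grant_type": "authorization_code",
                                    "code": code, "redirect_uri": redirect_uri})

def make_state(routing):
    """Return (nonce, state): an unguessable nonce plus the routing data
    that would otherwise sit in the redirect URI's query string."""
    nonce = secrets.token_urlsafe(16)
    return nonce, urlencode({"n": nonce, **routing})

def authorize_url(client_id, redirect_uri, state):
    return AUTHORIZE + "?" + urlencode({"response_type": "code",
        "client_id": client_id, "redirect_uri": redirect_uri, "state": state})

def check_state(returned_state, session_nonce):
    """Routing data from the callback's state, only if the nonce matches
    the one stored in the user's session when the flow started."""
    fields = {k: v[0] for k, v in parse_qs(returned_state).items()}
    got = fields.pop("n", "")
    if not hmac.compare_digest(got.encode(), session_nonce.encode()):
        raise ValueError("state nonce mismatch")
    return fields

if __name__ == "__main__":
    code = "CONSTRUCTED_CODE"  # constructed sample, not a real code
    print(seen_redirect_uri(pasted_token_url(code, REGISTERED)))
    print(seen_redirect_uri(encoded_token_url(code, REGISTERED)))
```

The thread does not establish whether Zoom accepts a percent-encoded multi-parameter redirect URL; the fixed `redirect_uri` plus `state` route is the one the reply above reports as working.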

Hi
Tried the suggested redirect URI.
and
https://dev.thetherapy.space/_ajax

And did finally get a valid response from Postman.

On second run got
{
"reason": "Invalid request : token created error: Save Access token into Database error",
"error": "invalid_request"
}

I assume as I have a token and refresh token I can now use those to access the API.

OK

So some progress. Using the retrieved refresh token a request to

Gives
"reason": "Invalid Token!", "error": "invalid_request"

in code and in Postman?

Is this config on the zoom end?

Hey @rich,

What do you mean “On second run”? Which endpoint are you calling?

And yes, once you have an access_token you can call the Zoom APIs. The access_token only lasts for an hour so once it expires, to get a new access_token, use your refresh token to do so.

POST https://zoom.us/oauth/token?grant_type=refresh_token&refresh_token={ REFRESH TOKEN }&redirect_uri={ REDIRECT URL }

Headers:

{
    "Authorization": "Basic base64Encoded({ ClientID }:{ ClientSecret })"
}

Thanks,
Tommy