Description
I am currently facing an issue with the Deauthorization Notification feature in the Zoom application. I have set up the Deauthorization Notification for a private testing application. After establishing a connection with the testing application via OAuth and then removing the connection from the Zoom Marketplace, I confirmed that the notification was successfully sent to the Deauthorization Notification endpoint.
However, when I performed the same setup and steps with our public production application, I found that the Deauthorization Notification was not working.
In both cases, I used the Zoom account associated this account with for testing.
The current issue seems to be most closely related to the one described at
Error
No notification is being sent to the Deauthorization Notification endpoint for the public production application.
How To Reproduce
- Applications
- Authentication Method or App Type
- Steps to Reproduce
1’. Set up the Deauthorization Notification for both the private testing application and the public production application.
2’. Establish a connection with each application via OAuth.
3’. Remove the connection from the Zoom Marketplace.
4’. Observe the Deauthorization Notification endpoint for notifications.
- Any Errors
- No errors are displayed, but the notification is not received for the public production application.
Hello, @yuki.niitsuma is your App published? I do not believe this will work in Production till your app is published.
Regards, Kwaku
Hello @kwaku.nyante ,
Thank you for your response.
I have attached the URL of the production app in my forum post, and you should be able to confirm that the app is published by checking the provided URL.
I consider the app to be published since it is visible on the store.
However, if my understanding is incorrect, please let me know.
regards, Yuki.Niitsuma
Hello @yuki.niitsuma OK so your app is Published, so has this never worked or it worked at some point and stopped working?
Is this for all accounts or a specific account?
Regards, Kwaku
Hello @kwaku.nyante ,
Thank you for your response.
so has this never worked or it worked at some point and stopped working?
Deauthorization Notification maybe has never worked in production app.
To be more precise, the URL was set to the wrong Deauthorization Notification URL before the production app was published, but the URL was changed around the time of 2024/07/28 6 AM GMT.
However, even though the URL was changed, the notification is not sent to the URL after the change.
Is this for all accounts or a specific account?
I have tested it with two different accounts, but unfortunately, it did not work with either account.
Regards, Yuki Niitsuma
Hello @kwaku.nyante.
Six days have passed, what is the current status?
If there is not enough information from me, please reply to me and I’ll add it.
Regards, Yuki Niitsuma.
Hello @yuki.niitsuma sorry I had some days off, so when it comes to your de-authorization url are they using the dev client ID or the Prod client ID, it won’t work if it’s using the dev credentials.
Regards, Kwaku
Also if the endpoint is not on the whitelist please add it and give that a try too.
Regards, Kwaku
Hello, @kwaku.nyante.
Thanks for your reply, and I hope your holidays were restful.
when it comes to your de-authorisation url are they using the dev client ID or the prod client ID, it won’t work if it’s using the dev credentials.
I use the production client ID for oauth authentication to make sure it works.
Also if the endpoint is not on the whitelist, please add it and try that too.
Am I correct in assuming that you want me to add the de-authorisation URL to the OAuth AllowList?
If so, I don’t see the need to add the de-authorisation URL to the OAuth AllowList.
Does the de-authorisation URL have to be added to the AllowList of OAuth for the de-association webhook to work?
Regards, Yuki Niitsuma.
Hello,
Yes sometimes that resolves issues like this let’s give this a try, if it doesn’t work we will have engineering get involved.
Regards, Kwaku
Hello, @kwaku.nyante
I have added de-authorized URLs to the OAuth Allow List.
I then linked the app again and “Remove App” from Marketplace, but I did not receive de-authorized notifications.
I tried several times with both accounts and the results never changed.
Regards, Yuki Niitsuma.
Since your app has been published have you submitted the updates for approval?
Regards, Kwaku
Hello, @kwaku.nyante .
Thank you for reply.
No, I did not submit after being published.
Do I need to “Submit for review” even if I only want to change the URL notification address in the de-authorization notification after the app is published?
Regards, Yuki Niitsuma.
Hello, @kwaku.nyante .
Thank you for reply and sorry for the late reply, I was on vacation.
I am going ahead with the “submit for review”.
I just want to confirm one thing.
I am assuming that “submit for review” will not require re-authentication of users who are already connected to the app, but I would like to know if my understanding of this is correct.
I would like to know in advance if I need to re-authenticate, as it would be inconvenient for the current users of the app.
Regards, Yuki Niitsuma.
Only scope changes require re-authorization.
Regards, Kwaku