I am currently facing an issue with the Deauthorization Notification feature in the Zoom application. I have set up the Deauthorization Notification for a private testing application. After establishing a connection with the testing application via OAuth and then removing the connection from the Zoom Marketplace, I confirmed that the notification was successfully sent to the Deauthorization Notification endpoint.
However, when I performed the same setup and steps with our public production application, I found that the Deauthorization Notification was not working.
In both cases, I used the Zoom account associated this account with for testing.
The current issue seems to be most closely related to the one described at
Steps to Reproduce
1’. Set up the Deauthorization Notification for both the private testing application and the public production application.
2’. Establish a connection with each application via OAuth.
3’. Remove the connection from the Zoom Marketplace.
4’. Observe the Deauthorization Notification endpoint for notifications.
Any Errors
No errors are displayed, but the notification is not received for the public production application.
I have attached the URL of the production app in my forum post, and you should be able to confirm that the app is published by checking the provided URL.
I consider the app to be published since it is visible on the store.
However, if my understanding is incorrect, please let me know.
so has this never worked or it worked at some point and stopped working?
Deauthorization Notification maybe has never worked in production app.
To be more precise, the URL was set to the wrong Deauthorization Notification URL before the production app was published, but the URL was changed around the time of 2024/07/28 6 AM GMT.
However, even though the URL was changed, the notification is not sent to the URL after the change.
Is this for all accounts or a specific account?
I have tested it with two different accounts, but unfortunately, it did not work with either account.
Hello @yuki.niitsuma sorry I had some days off, so when it comes to your de-authorization url are they using the dev client ID or the Prod client ID, it won’t work if it’s using the dev credentials.
Hello, @kwaku.nyante.
Thanks for your reply, and I hope your holidays were restful.
when it comes to your de-authorisation url are they using the dev client ID or the prod client ID, it won’t work if it’s using the dev credentials.
I use the production client ID for oauth authentication to make sure it works.
Also if the endpoint is not on the whitelist, please add it and try that too.
Am I correct in assuming that you want me to add the de-authorisation URL to the OAuth AllowList?
If so, I don’t see the need to add the de-authorisation URL to the OAuth AllowList.
Does the de-authorisation URL have to be added to the AllowList of OAuth for the de-association webhook to work?
I have added de-authorized URLs to the OAuth Allow List.
I then linked the app again and “Remove App” from Marketplace, but I did not receive de-authorized notifications.
I tried several times with both accounts and the results never changed.
No, I did not submit after being published.
Do I need to “Submit for review” even if I only want to change the URL notification address in the de-authorization notification after the app is published?
Hello, @kwaku.nyante .
Thank you for reply and sorry for the late reply, I was on vacation.
I am going ahead with the “submit for review”.
I just want to confirm one thing.
I am assuming that “submit for review” will not require re-authentication of users who are already connected to the app, but I would like to know if my understanding of this is correct.
I would like to know in advance if I need to re-authenticate, as it would be inconvenient for the current users of the app.