Encountering "Invalid scope" error during OAuth flow for General App (Beta)

API and Webhooks Meetings
,
1

API Endpoint(s) and/or Zoom API Event(s)

  • OAuth Authorize Endpoint: https://zoom.us/oauth/authorize
  • App Type: General App (Beta)

**Description : **
I am developing a Zoom General App for an internal company dashboard at United Health Care Staffing Inc. to manage recruiter data and internal communications. I have configured the app in the Zoom Marketplace with the necessary scopes and set up a redirect URL using ngrok for local testing. However, when I attempt to authorize the app, I am blocked by a scope error.

Error? The authorization page displays the following error:
“You cannot authorize General app . Invalid scope. Edit on web portal.”

How To Reproduce

  1. Request URL: https://zoom.us/oauth/authorize?response_type=code&client_id=rnHPqr3fT6GPs6wN1_tm4w&redirect_uri=https://abstentious-terresa-pseudoroyally.ngrok-free.dev/api/zoom/callback
  2. Authentication Method: OAuth 2.0 using a General App (Beta).
  3. Steps: Initiate the OAuth flow using the URL above. , Log in with my developer account credentials (adityaks@uhcstaffing.com). The “Invalid scope” error appears instead of the permission request screen.
  4. Additional Info: All scopes requested in the URL have been added and saved in the “Scopes” section of the Zoom App Marketplace portal.
2

Hi @Aditya_singh1
Thanks for reaching out to us!
Are you still having this issue? Can you please share with me what scopes are you adding and what app type are you using (user managed or admin managed app) so I can try and reproduce this on my end

3

Hi Elisa,

Thanks for getting back to me! Yes, I am still facing this issue. Here are the details you requested:

  • App Type: User-managed (General App).
  • Scopes added in Marketplace: * user:read:user , phone:read:list_call_logs, phone:read:list_sms_sessions, phone:read:sms_message
  • Issue: Even though these scopes are added and saved in the Marketplace portal, the authorization page immediately throws the “Invalid scope” error.

I am using this for an internal recruitment dashboard to track call durations and SMS logs for our team. Could it be related to the “Beta” status of the General App, or am I missing a dependency scope?

4

Hi @Aditya_singh1
Can you please confirm that the user trying to authorize the app is under the same account than the user that created the app?
If not, can you confirm your app got approved for Beta test?

5

Hi Elisa,

Thank you for the quick response!

  • User Confirmation: Yes, I am using the same account (adityaks@uhcstaffing.com) that I used to create the app to perform the authorization.
  • Beta Status: I haven’t specifically requested a “Beta test approval” yet, as I am currently testing in my local environment using the “Ready for local test” status.

Is Beta approval mandatory even for the app creator to test the OAuth flow locally? Also, I am using the User-managed app type.

6

Hey @Aditya_singh1
If you are the app creator and testing with your own account, you do not need to request for a Beta URL.

Would you be able to share a screenshot of the issue you are facing?

7

Hi Elisa,

Thank you for the clarification. As requested, I am attaching the screenshot of the error I am facing.

Even though I am the app creator and using my own account, the authorization page is showing ‘Invalid scope. Edit on web portal’.

I have already added and saved the following scopes in my app settings:

  • user:read:user
  • phone:read:list_call_logs
  • phone:read:list_sms_sessions
  • phone:read:sms_message

Could you please look into why these are being flagged as invalid?

Note: I tried to attach a screenshot for you, but I keep getting an error message: ‘An error occurred: Sorry, you can’t embed media items in a post.’