Error 403 (forbidden) when trying to get oauth access token

JonaDuran · January 5, 2021, 5:34pm

Hi, I have been trying to get oauth access token from a server with PHP but I always get 403 error.
I saw other similar post but they seem to have been resolved by private message or using Content-Type: application/json.

This is my test code:

$url = 'https://zoom.us/oauth/token?grant_type=authorization_code&code=u6NUmBQkQV_KQicgZepTombV7amtbobPQ';
$auth = base64_encode($this->zoom_client_id . ':' . $this->zoom_client_secret);
$context = stream_context_create([
    'http' => [
        'method' => 'POST',
        'header' => "Authorization: Basic $auth\r\nContent-Type: application/json\r\n",
    ]
]);
echo file_get_contents($url, false, $context);

MaxM · January 5, 2021, 10:49pm

Hey @JonaDuran,

Thank you for reaching out to the Zoom Developer Forum. Are you able to make this request successfully when using a REST client to handle the OAuth flow, such as Postman? I would also make sure that you are including a redirect_uri as listed in the OAuth documentation.

While this may not be exactly related, you may also want to pass headers as an array instead of a string:

Let me know if that helps.

Thanks,
Max

JonaDuran · January 6, 2021, 8:35pm

Hi @MaxM, I get the same error passing redirect_uri, now I can see that the reason is “Redirect URI mismatch” but the answer is the same with any redirect_uri even if it is on my whitelist or in the “Redirect URL for OAuth” field.

MaxM · January 7, 2021, 7:23pm

Hey @JonaDuran,

Thank you for testing that, do you get the same error if you add the entire OAuth redirect URL to your whitelist?

Thanks,
Max

JonaDuran · January 7, 2021, 8:01pm

Yes @MaxM, I get exactly the same error.

MaxM · January 8, 2021, 9:05pm

Hey @JonaDuran,

Thank you for the update. When you’re testing this locally, are you using a port other than 80 or 443? If so, please try adding the port that you’re using to the whitelist.

Thanks,
Max

JonaDuran · January 8, 2021, 10:30pm

@MaxM, I’m using the port 80, I did the test that you comment and the answer is the same.

MaxM · January 11, 2021, 8:37pm

Hey @JonaDuran,

I did a bit more digging into this and it looks like this is a known issue for URLs that are not publicly accessible. Please see the following forum post for more information on this:

Thanks,
Max

JonaDuran · January 14, 2021, 5:09pm

Hi @MaxM, I get the same answer.

MaxM · January 15, 2021, 8:20pm

Hey @JonaDuran,

It looks like you’re doing everything right, the only advice I have to offer is to make sure that you’re updating the whitelist/redirect URL each time you restart your ngrok server as it does change on each server restart. If that doesn’t help, I’ve DM’d you a tool to schedule a meeting so we can investigate this over Zoom.

Thanks,
Max

system · February 15, 2021, 6:20am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.