Error 403 (forbidden) when trying to get oauth access token

API and Webhooks
#1

Hi, I have been trying to get oauth access token from a server with PHP but I always get 403 error.
I saw other similar post but they seem to have been resolved by private message or using Content-Type: application/json.

This is my test code:

$url = 'https://zoom.us/oauth/token?grant_type=authorization_code&code=u6NUmBQkQV_KQicgZepTombV7amtbobPQ';
$auth = base64_encode($this->zoom_client_id . ':' . $this->zoom_client_secret);
$context = stream_context_create([
    'http' => [
        'method' => 'POST',
        'header' => "Authorization: Basic $auth\r\nContent-Type: application/json\r\n",
    ]
]);
echo file_get_contents($url, false, $context);
#2

Hey @JonaDuran,

Thank you for reaching out to the Zoom Developer Forum. Are you able to make this request successfully when using a REST client to handle the OAuth flow, such as Postman? I would also make sure that you are including a redirect_uri as listed in the OAuth documentation.

While this may not be exactly related, you may also want to pass headers as an array instead of a string:

Let me know if that helps.

Thanks,
Max

#3

Hi @MaxM, I get the same error passing redirect_uri, now I can see that the reason is “Redirect URI mismatch” but the answer is the same with any redirect_uri even if it is on my whitelist or in the “Redirect URL for OAuth” field.

Screen Shot 2021-01-06 at 2.26.04 p.m.
Screen Shot 2021-01-06 at 2.26.04 p.m.1029×495 40.2 KB

Screen Shot 2021-01-06 at 2.29.05 p.m.
Screen Shot 2021-01-06 at 2.29.05 p.m.744×440 39.1 KB

#4

Hey @JonaDuran,

Thank you for testing that, do you get the same error if you add the entire OAuth redirect URL to your whitelist?

Thanks,
Max

#5

Yes @MaxM, I get exactly the same error.

#6

Hey @JonaDuran,

Thank you for the update. When you’re testing this locally, are you using a port other than 80 or 443? If so, please try adding the port that you’re using to the whitelist.

Thanks,
Max

#7

@MaxM, I’m using the port 80, I did the test that you comment and the answer is the same.

#8

Hey @JonaDuran,

I did a bit more digging into this and it looks like this is a known issue for URLs that are not publicly accessible. Please see the following forum post for more information on this:

Thanks,
Max

#9

Hi @MaxM, I get the same answer.

Screen Shot 2021-01-14 at 11.04.23 a.m.
Screen Shot 2021-01-14 at 11.04.23 a.m.1263×453 104 KB

#10

Hey @JonaDuran,

It looks like you’re doing everything right, the only advice I have to offer is to make sure that you’re updating the whitelist/redirect URL each time you restart your ngrok server as it does change on each server restart. If that doesn’t help, I’ve DM’d you a tool to schedule a meeting so we can investigate this over Zoom.

Thanks,
Max