Frequently receiving invalid_request / token revocation from Zoom

Hi @fahad.beehive,

Thanks for reviewing my tips and for the feedback. In order to help confirm what is causing this issue for you, can you please share an example of a recent token that threw this error? You can email this to us at developersupport@zoom.us and reference this thread.

This will help us to take a closer look.

Thanks,
Will

Thanks Will, however we don’t store or log our token IDs so I don’t know how to provide you with one. We have not been able to reproduce this on our mac but several of our customers are experiencing this problem daily. We don’t have any way of sharing the tokens.

We’ve managed to send a user a special build that logs the token. I’ve emailed developer support - if someone could please look into this for us.

Here’s what we’re doing:

  1. User authenticates with zoom, we save both refresh / access tokens

We do this each time:
2) Before each request made to Zoom, we check if a refreshed token is needed. We make a call to Zoom to refresh the tokens.
3) The returned refresh / access tokens are saved and re-used for subsequent requests (step 2).

We’ve added additional logging to our app and can see Zoom is failing to provide a new access token for a refresh token previously used (and still valid). This is for a mac app, where we make a single request to Zoom at a time. We’re not making multiple requests where we may end up requesting two different tokens. I don’t know what’s going on.

Also, I don’t know if this matters, but the user is using our app on three macs (each authenticated separately of course). Could this be causing automatic revocation? Can they use the same app authenticated multiple times on different machines?

Hi @fahad.beehive,

I can see that we’ve connected over email and I will continue the conversation there.

Thanks,
Will

We’re running into the same issue with our integration. If a resolution is reached, can you please post it back to this thread?

There seems to be no resolution for now - this is a bug with how Zoom handles OAuth. They invalidate your refresh token and auth tokens the moment the user authenticates on a different device.

@morgs.dovetail please see my post here:

Thanks,
Will

Zoom if you are keeping track we are also having this issue. Supporting multiple devices is an important part of most web apps in todays world. Thanks.

As a quick fix at least can Zoom not invalidate the previous refresh token so we can at least issue a new authorization token without having to re-auth from scratch?

I think Zoom is well aware of the problem, but perhaps don’t feel the urge to fix this since their own app doesn’t do this and have yet not experienced this by trying to use an app that keeps asking them to re-authorize every single day. If they can force their engineer(s) into a room for three days with nothing but an app that does this, they may soon realize how frustrating this is for both users and developers that keep hearing about this multiple times a day every single day.

Point to me ONE other app in this entire universe that does this and I will rest my case. This is not expected behavior, this is not a security feature; this is a glaring oversight and an embarrassing flaw in the current authorization flow that must take precedence over any new feature that the team is working on.

This is so bad that even our users don’t buy the excuse - they refuse to believe that Zoom cannot handle more than one active device at a time. I feel unless I start forwarding all these emails we receive, to zoom, this problem may never get fixed.

Thanks again for your feedback Fahad. I understand the frustration and this is an experience we’re hoping to improve. I’ve put in a feature request for this internally, and will be happy to share any developments on this as I have them. (ZOOM-251271)

Thank you,
Will

Many thanks Will! I’m only nitpicking but this doesn’t really fall under a feature request. It’s a bug-fix request :slight_smile:

Understood—thanks Fahad. :slight_smile:

Hi! I am experiencing the exact same issue. What was the final verdict of this? Is Zoom investigating or do we just have to build in fallback behavior on our end if we are not able to get a new access token?

As Will said, I believe it’s been reported to the development team. I would like to however add that since the last time I posted a message, we’ve continued to receive complaints daily from our users trying to use their account on our app across multiple devices. The need to reauthorize every day across devices is getting to everyone’s nerves.

Hi @ashish1O8,

Zoom does not currently support simultaneous access_tokens across different devices at the same time. We are exploring options to improve this experience.

Thanks,
Will

Thanks Will, that sounds promising. Just so you know how annoying this is - since I last replied (21 hours), we’ve received yet more complaints about the same thing. People end up thinking it is our app at fault and at times demand a refund.

We’re still holding off on deploying Zoom integration to our iOS app in fear that we’ll receive dozens of complaints every day since people use iPhones + iPads more often. We’re also technically losing sales since competitors have integrated with zoom for their iOS app while we have not.

We appreciate the feedback, Fahad. We will continue to keep you posted on new developments.

Best,
Will

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.