refresh_token may be lost by the network
The Zoom OAuth2 documentation https://marketplace.zoom.us/docs/guides/auth/oauth#refreshing
says “The latest refresh token must always be used for the next refresh request.”
This way, if we make a request to get a new access token, and the request is successfully received by Zoom, and new tokens are issued, but on the way back there is a network failure, we would lose the new refresh token and the integration would no longer function correctly, through no fault of the user.
This would create a bad experience for the user, as they would be un-authenticated, and stop receiving updates, or be requested that they re-authenticate. They may associate with both Zoom and our application.
Do you have any workarounds for allowing retrying of the token_refresh or do you plan to add an idempotent version of the API where we can protect against network errors.
Which App Type (OAuth / Chatbot / JWT / Webhook)?
How To Reproduce (If applicable)
Steps to reproduce the behavior:
- Configure OAuth App
- Create a fake network error when refreshing a token
- The app is now unauthorized, and it is impossible to retry the request
Screenshots (If applicable)