How to refresh token if refresh_token is incorrect

Hello,

My app properly goes through the described process https://developer.zoom.us/docs/oauth/, but at some point in time it didn’t handle the refresh and store the new refresh_token during a few parallel processes.

Could you please let me know how to refresh token if stored refresh_token is already inactive?

Thanks

Hi @romanio,

Refresh tokens have a lifetime of 15 years, you should still be able to use the refresh_token to get a new access token [0].

0 - https://marketplace.zoom.us/docs/guides/authorization/oauth-with-zoom#refresh-access-token

Thanks

Hi @Michael_Purnell,

I didn’t manage to store new refresh_token as documented “Please make sure that you store the new refresh token as well when refreshing the access tokens.”.

So what my app did:

  1. Got token and saved token and refresh_token, let’s call it v1
  2. In one hour it refreshed the token using refresh_token.v1 and saved token and refresh_token v2
  3. The app made a request to refresh the token with refresh_token.v3 and didn’t manage to save the new token and refresh_token
  4. The app is going to refresh the token but only has refresh_token.v3; the API responds with an error that the refresh_token is invalid.

Can I somehow renew token if I have only refresh_token.v3 and didn’t manage to save tokens from attempt v4?

Thanks

Hi @Michael_Purnell,

Can you please help me get a new token if the last refresh_token is missing but I have the one before last?

Thanks

Hi @romanio,

If you don’t have the refresh token, you will need to re-authenticate to get a new access token along with refresh token.

Thanks

Is there no other way to get a valid refresh token? Our application is a back-end application that retrieves data for multiple tenants/Zoom accounts. It is not always an option to ask the customer to re-authorize our application for data extraction. I’ve got the most recent first time access code (code = xxxx from redirect). But, I can’t even use that first time access code to re-request the first time access token. The Zoom auth server tells me that even the first time code value is invalid. Summary: access token is expired, Refresh token is invalid and first time access code is invalid. So, if we have an issue saving the latest refresh token, then we are dead in the water? Seems harsh for multi-tenant/account applications.

Hi @katyle,

Right now the only way to get the refresh token is to have the user re-authenticate the app. The most recent access code can only be used to retrieve its respective access and refresh tokens and not the previous ones. Refresh tokens have an expiration date of 15 years and the only way they are invalid is if there was another access & refresh token generated afterwards.

Is there a reason why the most recent refresh token was not saved?

Thanks
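The failure mode discussed in this thread, as an added example that is not part of any post or of Zoom's documentation: parallel workers sharing one rotating refresh token, first unguarded and then with refresh-and-save serialized behind a lock. `RotatingAuthServer`, `TokenStore`, `run_workers` and the `at-N`/`rt-N` token strings are constructed stand-ins, not a real API.

```python
import threading

class RotatingAuthServer:
    """Constructed stand-in for a server that rotates refresh tokens on every use."""
    def __init__(self):
        self.n, self._lock = 1, threading.Lock()

    def refresh(self, refresh_token):
        with self._lock:
            if refresh_token != f"rt-{self.n}":      # only the newest token is valid
                raise ValueError("invalid refresh token")
            self.n += 1
            return {"access_token": f"at-{self.n}", "refresh_token": f"rt-{self.n}"}

class TokenStore:
    """Hypothetical shared store; the lock makes refresh-and-save one atomic step."""
    def __init__(self, server):
        self.server, self._lock = server, threading.Lock()
        self.tokens = {"access_token": "at-1", "refresh_token": "rt-1"}

    def refresh_if_stale(self, seen_access):
        with self._lock:
            if self.tokens["access_token"] != seen_access:
                return self.tokens["access_token"]   # another worker already rotated
            new = self.server.refresh(self.tokens["refresh_token"])
            self.tokens = new                        # save BOTH tokens before unlocking
            return new["access_token"]

def run_workers(count, guarded):
    """Return (failed_refreshes, store_still_holds_valid_refresh_token)."""
    server = RotatingAuthServer()
    store = TokenStore(server)
    barrier, failures = threading.Barrier(count), []

    def worker():
        snapshot = dict(store.tokens)                # every worker reads the v1 pair
        barrier.wait()
        try:
            if guarded:
                store.refresh_if_stale(snapshot["access_token"])
            else:
                server.refresh(snapshot["refresh_token"])  # result never saved
        except ValueError as exc:
            failures.append(str(exc))

    threads = [threading.Thread(target=worker) for _ in range(count)]
    for t in threads: t.start()
    for t in threads: t.join()
    return len(failures), store.tokens["refresh_token"] == f"rt-{server.n}"

if __name__ == "__main__":
    print(run_workers(5, guarded=False), run_workers(5, guarded=True))
```

When the workers are separate processes or hosts, the in-process lock has to be replaced by one they all share, such as a database row lock or a conditional write on the stored secret.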

A new access token and refresh token were saved in Key Vault at around 9:44 PM on the 17th, Pacific time. But, this token was giving us an odd error when we tried to use it to authenticate with. I then tried “rolling back” to the previous access token and refresh token, since Azure Key Vault saves versions of secrets. But, this token was, of course, already expired. Do you want me to send the access token and refresh token that was giving us the odd error?

Katy

This message (including any attachments) contains confidential information and is for the sole use of the intended recipient. If you believe that you have received this email in error, please destroy it and notify the sender immediately.

Hi @katyle,

Sure, you can send us the information to developersupport@zoom.us and we’ll take a look.

Thanks

When I’m actually using the access token, I’m getting an error message which I can understand ({“code”:124,“message”:“Access token is expired.”}). But, when I’m trying to get a refreshed access token, I’m getting the following error:

“code”:124,“message”:“the token id160is outside of the token tolerance offset0. The current id is 161”.

As far as I can see from the Azure diagnostic logs, there were not any failures writing to Azure Key Vault. Is it possible that the refresh token was explicitly de-commissioned on your end?

Thanks,

Katy

Hi @katyle,

No, we don’t de-commission keys on our end. Usually when you receive this message, that means the refresh token is invalid. Were there any network errors or outages?

The quickest way would be to have the customer re-auth the app to obtain a new access & refresh token.

Thanks

Thanks Michael.

Edward/Arul:

I created a ticket with MS for them to check the diagnostic logs for our Azure Key Vault. I didn’t see any store secret failures in the time frame in question. Neither did Microsoft. So, it is still a bit of a mystery. When I get a minute, I’ll write a query to run against my Azure table logging to list key vault updates on the 18th. I realized later that the history list for Key Vault secrets that we see in the Azure portal is not easily searchable in order by date/time.

Katy

Hi @katyle,

Let us know if you have any other questions.

Thanks

I’ll update you on this thread if I glean any additional information.

Katy

@katyle Ok just let us know.