Https://zoom.us/oauth/token

I am having trouble obtaining an access token, and I was hoping you could provide some assistance.

Specifically, I am following the steps below to retrieve the token:

Procedure:

Navigate to Error - Zoom to obtain the authorization code (code), and I have confirmed that the code is successfully acquired.

Go to https://zoom.us/oauth/token to request the access token. However, the result is a “500 Internal Server Error.”

Logs:

Request Timestamp: 2023-12-07 14:34:15

Request URL: https://zoom.us/oauth/token?grant_type=authorization_code&code=*******************&redirect_uri=https://**************.ne.jp/**************/
Response Timestamp: 2023-12-07 14:34:16

Response Status:
“status”: false,
“errorCode”: -1,
“errorMessage”: “500 Internal Server Error”
I would appreciate it if you could provide guidance on resolving this issue.

Thank you.

Best regards,

Can you make sure you are following the correct guidelines to generate the access token?

Here are the steps that you may be missing:

Request User Authorization

Direct users to the Zoom authorization page:

  1. Construct a URL with the following format:
https://zoom.us/oauth/authorize?response_type=code&client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REDIRECT_URI

Replace YOUR_CLIENT_ID and YOUR_REDIRECT_URI with your actual client ID and redirect URI.

Obtain an Authorization Code

Once a user authorizes your app, they will be redirected to your redirect URI with a code parameter in the URL. This is the authorization code.

Example URL: https://yourredirecturi.com?code=AUTHORIZATION_CODE

Request an Access Token

Make a POST request to Zoom’s OAuth token URL:

  1. The URL is https://zoom.us/oauth/token
  2. Include the following parameters:
  • grant_type=authorization_code
  • code=AUTHORIZATION_CODE (the code you received)
  • redirect_uri=YOUR_REDIRECT_URI
  1. Authenticate this request with your Client ID and Client Secret. This is usually done using Basic HTTP authentication with the Client ID as the username and Client Secret as the password.

Receive the Access Token

Zoom will respond with a JSON object containing your access token and refresh token.

{
  "access_token": "your_access_token",
  "token_type": "bearer",
  "expires_in": token_expiration_time,
  "refresh_token": "your_refresh_token",
  "scope": "user_profile"
}

Use the Access Token

Use this access token to make authenticated requests to the Zoom API. It will usually be included in the HTTP header like so:

Authorization: Bearer your_access_token

Thank you for contacting us.

I understand the contents.

There was a point I did not explain well enough.
It was working fine until 1 or 2 months ago.
The current situation is that we did not make any changes to the program, but when we ran the check in December, it resulted in an error.

I also checked again, and the program was built according to the specifications you gave us.
(*The information I provided looks like a GET, but it is being sent as a POST.)

Is there any possible cause for this?

This is PG now.

$basic = base64_encode(ZOOM_CLAIENT_ID.':'.ZOOM_CLAIENT_SECRET_KEY);
$return_zoom_url = "**********************************";
$zoom_url        = "https://zoom.us/oauth/token?grant_type=authorization_code&code=" . $code . "&redirect_uri={$return_zoom_url}";

$ch = curl_init($zoom_url);

$headers = [
    'Content-Type: application/x-www-form-urlencoded',
    'Authorization: Basic ' . $basic,
];
$post = array(
    "grant_type"    => "authorization_code",
    "code"          => $code,
    "redirect_uri"  => $return_zoom_url,

);
$options = array(
    CURLOPT_HTTPHEADER => $headers,
    CURLOPT_SSL_VERIFYHOST  => false,
    CURLOPT_SSL_VERIFYPEER  => false,
    CURLOPT_RETURNTRANSFER => true,  
    CURLOPT_CONNECTTIMEOUT => 15, 
    CURLOPT_TIMEOUT        => 15, 
    CURLOPT_POST           => 1,
    CURLOPT_POSTFIELDS     => $post
);

curl_setopt_array( $ch, $options );
$result = curl_exec($ch);

Can you check the following:

  1. The app and the user still exists and either havent been deactivated? Also can you confirm if the user building the app did not migrate between accounts?
  2. You are using the correct app type (i.e. User authorized OAuth)
  3. Can you create another app and check if it is able to generate an access token?

1.The app and the user still exists and either havent been deactivated? Also can you confirm if the user building the app did not migrate between accounts?
⇒Both the app and the user used it

2.You are using the correct app type (i.e. User authorized OAuth)
⇒Sorry, I couldn’t understand
Could you please tell me the details?

3.Can you create another app and check if it is able to generate an access token?
⇒I will check

Is it possible to investigate from the log?
Have the specifications changed in the last few months?

Hi,

nothing has changed to my knowledge. One of the reasons this could be occurring is if you are using credentials from a wrong app type.

Please make sure that you are using the correct app type.