This is for developer-specific feature requests. For other requests please contact our customer support team.
Is your feature request related to a problem? Please describe.
I chatted with Will from your Developer Support team about this, and he suggested I create a feature request.
We operate Pipedream, an integration platform that allows users to build “workflows”: automations between services (e.g. when someone fills out a Typeform, create a Zoom meeting with relevant details, send me a Slack message, etc.). Users can authorize Pipedream’s access to their Zoom account using a Zoom OAuth app we’ve built.
Recently, users have reported that they’re getting intermittent 401 responses from Zoom when they make an API request to Zoom within a Pipedream workflow. I was able to reproduce. I decoded the access token, and confirmed the expiry was in the future at the time the API request was made. After discussing with Will, he noted one source of 401s from Zoom:
If a new access token is generated, both the previous access token and refresh token will become invalid. So you will need to update each of these tokens each time you request a new access token.
I believe this is affecting us here:
- A user’s workflow starts. If the user connects to the Zoom API within a workflow, we pass that workflow a fresh OAuth access token for that user.
- Many workflows run for tens of seconds, or minutes, since they contain many steps and make many API requests. During this time, we may refresh the user’s OAuth access token - we do this periodically as the token approaches its expiry, to ensure that the token never expires before it’s used in a workflow.
- The workflow hits the step where it makes a request to the Zoom API, but since we’ve refreshed the access token, the token that was delivered to the workflow is invalid, since we’ve created a new one.
This is especially problematic for us, since workflows run constantly, and a given access token can be “in flight” at any given time, for multiple invocations of a workflow. We’d essentially have to:
- Pause incoming events while the current workflow executions finish
- Refresh the access token
- Run all executions that were queued while we waited for token refresh, passing the new access token
#1 is an issue, since users expect workflows to run as soon as the event that triggers them arrives. And in general, this kind of coordination is difficult in a distributed system like ours. Other OAuth apps allow previously-issued tokens to remain valid, up until their expiry.
Describe the solution you’d like
I’d like Zoom to allow previously-issued access tokens to remain valid up until their expiry, instead of invalidating previously-issued tokens.
We integrate with hundreds of OAuth apps. Zoom is only app where we’ve observed this behavior. Other OAuth apps appear to allow previously-issued OAuth tokens to remain valid when new ones are issued, and only expire the tokens at their expiry.