Zoom Apps Configuration
Angular 19 app using @zoom/appssdk@0.16.27.
Description
We are using in-client OAuth to authenticate users (authorize / onAuthorized) with a PKCE verifier using "code_challenge_method": "S256", which was working perfectly in our published app until the 9th of April. After that, we started occasionally seeing Invalid Authorization Code / invalid_grant errors when calling /oauth/token to redeem the authorization code. As of the 11th of April, this has now stopped working entirely and always returns invalid_grant. We have not made any changes to our apps, so this appears to be a breaking change on Zoom’s side.
A related post here mentions that PKCE may no longer work with a plain code_challenge_method. We are using a SHA-256 hash with "code_challenge_method": "S256", so this does not appear to be exactly the same issue, although the timeframe lines up with the issues we are seeing.
Error?
[{ “reason”: “Invalid authorization code”, “error”: “invalid_grant” }]
Troubleshooting Routes
We have tried changing to a plain verifier, and removing the PKCE verifier entirely, but this just gives the same error. We have 3 separate apps which are all affected in exactly the same way.
How To Reproduce
Use the in-client OAuth flow with a SHA-256-hashed verifier, then attempt to redeem the authorization code with a request to https://zoom.us/oauth/token, as described in Authentication, and GitHub - zoom/zoomapps-advancedsample-react: This repository contains an Advanced Zoom Apps Sample. It should serve as a starting point for you to build and test your own Zoom App in development..