In-Client OAuth issue: blank page displayed

Zoom Apps Configuration
Our app is running on node.js backend and a combination of VanillaJS/AngularJS/React microfrontends.

Description
Our app is published and is working fine, but currently it only supports browser-based installation. We are trying to add In-Client OAuth support for better user experience. We followed the documentation:

• enabled In-Client OAuth checkbox;
• added home page and direct landing page to OAuth allow list;
• on the direct landing page, added client-side code which calls authorize SDK method, listens to onAuthorized event and then completes the OAuth PKCE flow via server.

This new flow works without issues if we trigger it manually from already installed app.

However, we run into issues when trying to test in-client app installation. I follow the instruction for testing the in-client auth by single user: share the app in meeting, remove the app, accept the app invite in the meeting chat. After that, I see the app listing; after pressing the Add button, I see the in-client consent screen, but then after confirming my consent I see just a blank page (see my screen recording).

The app is added successfully, however this blank screen is confusing to our users.

Error?
There is no error message, just blank screen after adding the app, instead of the app’s home page. I cannot open the debugger console, even though it’s enabled: nothing happens when I right-click on the blank screen. The Zoom UI looks broken (see the video I linked above).

Question
Is the described blank screen a Zoom Client bug or it’s somehow related to our app? In the latter case, could anyone please suggest how to debug that?

Additional question - less important
Also, what I find confusing is that I don’t see any requests in the server logs of my app. It means that there was no request to the direct landing page or auth endpoints of my app. Which is strange to me, as I would expect that in-client adding of the app would navigate to the direct landing URL, which in turn would perform the authorize method call and so on. However the consent page is shown before any requests reach my app. Is it normal?

Troubleshooting Routes
I have tried logging out and in again, updating and restarting Zoom client, studying the server logs of my app. Without any success.

How To Reproduce
Reproduced by enabling In-Client Auth and testing it following the instruction. More details in the Description section above.

Zoom client version: 6.3.1 (53598) on Windows.

Note: for testing in-client auth, I had to temporarily disable Guest Mode in the app. Apparently it’s necessary as otherwise testing via app sharing does not trigger auth.

Update: I managed to get it to work, but the fix was quite unexpected: I had to remove the HomeURL template parameters (in my case, I had ?accountId={accountId} parameter in the home page URL). I have all the needed OWASP headers on my home page, but as soon as I add any params in {}, I see the “home page unreachable” warning message (see attached gif below) and encounter the “white screen of death” in the app (though only after in-client auth).

Could if be a bug or my mistake? The {accountId} template parameter is critical for our processes, so unfortunately I cannot proceed without it.

I double-checked that the page returns status 200, no redirects, and all 4 needed OWASP headers

@tkishkin, Thanks for posting in Zoom Developer Forum. This sounds like a bug. Let me test on my end and I will submit a bug ticket if I am able to reproduce.

@tkishkin ,
I’ve tested this on my end and can confirm that adding the parameters to the home URL doesn’t trigger a homepage warning. However, I am seeing an incorrect URL format, for which I’ve created a ticket Z-155202 for our engineering team to investigate.

image788×232 18.4 KB

Okay, it looks like if I only add the account parameter is provided that warning message appears:

image772×254 24.7 KB

Hi @donte.zoom , thanks for checking! I can confirm that with the URL format that you use, I see both Wrong URL format and Home page unreachable messages.

However I think the Wrong URL format has to do with the absence of trailing slash, it disappears if I add / after ngrok.app. Please see the attached gif where I try to demonstrate it.

I would also note that the presense of {accountId} template parameter seems not only to show the incorrect warning message, but also prevents my page to load during in-client auth, as I described in the previous comment. Could you please add this to the ticket? Thanks!

@tkishkin,

I’ve added your comments to the ticket. The TL;DR is the warning message has no impact on the client side, so we can rule out that the OWASP headers missing message is the reason why you are seeing a white screen in the client. I’d love to meet with you to help debug and I’ll share our findings with the engineering team.

In my testing, when we added the parameters, I did not see a white screen. Are you seeing any errors in the console of the Zoom App?

Also, if you remove the parameters, during in-client auth, are you seeing the same behavior?

Small update: we continue researching the issue with the help of Zoom team. @donte.zoom I believe I’ve already answered your questions during the call and in the Community chat, but for clarity I’ll post the answers here as well:

• I don’t see any errors in the console. The debug console cannot be opened after the white screen appears (right click does nothing); if I open the console beforehand, it stays, but I see no errors or failed requests when the issue occurrs;
• If I remove the placeholder query parameters, the issue with the white screen no is longer reproduced.