In-client OAuth not accepting post requests

Since the backend is rejecting the request and sending a 400 error, the logs didn’t show any specific reason, just 400 bad request.

So to reproduce the error:
1. Make a fetch POST request from one of the triggers in the in-client app to your custom backend. (I was using the onactivespeakerchange trigger for my app and sending data to my backend from the in-client React app.)
2. I got a CORS error first, and the request wasn’t even reaching the backend. To overcome it I added mode: "no-cors" in the request options. Then the request was getting to my custom backend, but the logs showed error 400 bad request.

Hi @MaxM, thanks for checking in. If you look above at my post from July 12, I’ve provided the simplest example I can come up with. I just checked again and it is still not functional.

  1. A code and redirectUri are successfully received from onAuthorized on the client.
  2. A server side post request is then immediately made to the following endpoint with a valid authorization header: https://zoom.us/oauth/token?grant_type=authorization_code&code=[CODE]&redirect_uri=[REDIRECT_URI]

This returns a 400 response with:

```
   'Invalid authorization code xxxxxxxxxxxxxxx',
  error: 'invalid_grant' }
```

Appreciate any insights!

I am also encountering the same problem, using in-client zoom authentication. At first, we invoke the zoomSdk authorize method, and the zoomSdk onAuthorize listener responds with code and redirectUri.
Then we make a post request from our server to https://zoom.us/oauth/token with headers Authorization and Content-Type and with body code, grant_type, redirect_uri and code_verifier.

The zoom server responds with
{"reason":"Invalid authorization code dELd_jsIxm7eUTR-**","error":"invalid_grant"}

I would appreciate your insights.

Thanks and here are some things to try with your POST request for the auth token:

  1. make sure you add a code parameter equal to the code you received from onAuthorize (I didn’t see this in Krishna’s post above)
  2. grant_type is ‘authorization_code’
  3. redirect_uri - make sure this is the same as the location.href value in the embedded browser at the time of authorize invocation. Also make sure this location is added to your OAuth allowed list in the build flow
  4. Pls make sure you use the PKCE feature. This means generating a code verifier, passing a SHA256-generated codeChallenge field to the authorize invocation options, and then adding a code_verifier param to your authorization code request. (Pls see OAuth 2.0 specs on SHA256 PKCE)

If none of this works, maybe try messing with the following:

  • Using the “auth” parameter for Basic Auth - e.g. axios
  • try in-line url-encoded data field, with Content-Type header == ‘application/x-www-form-urlencoded’

Hi @JonStewart ,

Still unfortunately having the same issue here as the others with the in-client oauth process. I’ve double-checked that my challenger/verifier strings are correct by manually going through the oauth process at https://zoom.us/oauth/authorize and was able to get a code/token without issue. However with the in-client sdk authorize/onAuthorize route, I just keep getting the invalid authorization code-invalid_grant errors when trying to exchange the code for the token.

I’m using the same method in the backend to exchange tokens for both the https://zoom.us/oauth/authorize and in-client route, so the issue shouldn’t be there. I’ve tried going through Postman with the authorization code received from the in-client oauth and still get the same issue. Have also double checked that my redirect_uri is the window.location.href value and is added to the oauth allowed list. Also tried moving the params to the request body with application/x-www-form-urlencoded but no effect.

Do you know if the zoomSdk.authorize method is ultimately reaching the same endpoint on Zoom’s end as https://zoom.us/oauth/authorize, or could there be some difference between how the two routes handle a code challenge? Or is it simply that I can’t obtain a new access token through the in-client oauth process if a user has already been authorized through the regular “Add your app” route?

Any help would be greatly appreciated!