Invalid access token, does not contain scopes:[meeting:write, meeting:write:admin

We are integrating a Zoom Marketplace OAuth application with ServiceNow and would appreciate your guidance on a few observations.

  1. OAuth Authentication and Token Generation Are Successful
    ServiceNow is successfully able to:
    . Redirect users to Zoom for authorization.
    . Complete the OAuth flow.
    . Obtain an OAuth access token from Zoom.
    This suggests that the Client ID, Client Secret, and Redirect URI configuration are generally correct. However Servicenow is not able to create meetings and throwing error as below mentioned in point 2.

  2. Scope Validation Error During Meeting Creation
    When ServiceNow attempts to create a Zoom meeting, it returns the following error:
    'Invalid access token, does not contain scopes:[meeting:write, meeting:write:admin]

However, in our Zoom Marketplace application, we have granted the following meeting creation scope:
meeting:write:meeting:adminShow
Could you please clarify:

  • Is meeting:write:meeting:admin the correct scope required for creating meetings via Zoom APIs?
  • Why is ServiceNow looking for meeting:write , meeting:write:admin. We do not find scope with this syntax in zoom while creating scopes.
  • Have there been any recent scope naming or permission model changes that could impact third-party integrations such as ServiceNow?
  1. Redirect URL Behaviour During Manual Browser Testing
    As an additional test, we manually opened the OAuth Authorization URL generated from the Zoom Marketplace application:
    https://zoom.us/oauth/authorize?response_type=code&client_id=<client_id>&redirect_uri=https://.service-now.com/oauth_redirect.do
    After authenticating with Zoom, Zoom redirects back to ServiceNow with an authorization code, for example:
    https://.service-now.com/oauth_redirect.do?code=<authorization_code>Show more lines
    However, ServiceNow displays the following message:
    Your OAuth redirect failed. Please check if the redirect URL setup in your OAuth configuration matches your ServiceNow instance URL
    At the same time, ServiceNow is able to obtain OAuth tokens successfully when the authorization flow is initiated from within the ServiceNow application.

Hi @Fidelity ,

These are our classic/legacy scopes for this endpoint and are not available to add for new apps. The equivalent correct scopes are the granular scopes shown in the documentation/screenshot below. In your case, meeting:write:meeting:admin since you have an admin-managed app.

Granular scopes were released through Zoom for a few years now, however apps created prior to may choose to still use them. Is this the ServiceNow integration you’re using? If yes, please open a ticket through support and the specialists who created the integration will be able to assist you.

With this redirect behavior, it sounds like you may not be using the Zoom created integration I mentioned above. Please share the ServiceNow integration documentation you used to set everything up. Additionally, this may mean that if it’s ServiceNow created, they need to update their configurations to allow for the granular scopes and any other platform changes that may be impacting the enablement experience.