Description
Our OAuth flow worked prior to adding PKCE support. This is part 2 of https://devforum.zoom.us/t/pkce-code-challenge-method-not-supported/51510
The redirection is followed and I have a code, so I’m now at step 2 attempting to submit the code to get an access token: https://marketplace.zoom.us/docs/guides/auth/oauth#step-2-request-access-token
but the endpoint https://zoom.us/oauth/token returns "reason":"Invalid authorization code {code}","error":"invalid_request"
Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth
Which Endpoint/s?
https://zoom.us/oauth/token
How To Reproduce (If applicable)
Steps to reproduce the behavior:
- GET https://zoom.us/oauth/authorize?response_type=code&state={state}&code_challenge={code_challenge}&code_challenge_method=sha256&client_id={client_id}&redirect_uri={redirect_uri}
- Redirect / 302 to {redirect_uri}?code={code}&state={state}
- POST https://zoom.us/oauth/token in body as (application/x-www-form-urlencoded):
  grant_type=authorization_code
  code={code}
  code_verifier={code_verifier}
  redirect_uri={redirect_uri}
I’ve also tried encoding all parameters in the URL (as suggested in another post), but the response is the same “Invalid authorization code”:
POST https://zoom.us/oauth/token?grant_type=authorization_code&code={code}&code_verifier={code_verifier}&redirect_uri={redirect_uri}
Update:
I’ve refined my code changes so the only differences between an oauth flow that I’ve confirmed works* and the above steps are:
Calling https://zoom.us/oauth/authorize
- add code_challenge and code_challenge_method parameters
Calling https://zoom.us/oauth/token
- add code_verifier
*Authorization / Content-Type are correct etc
so the problem does seem to be PKCE-related?
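
For reference, an added example (not part of the original post, and not Zoom's code) of how the PKCE values in the steps above relate under RFC 7636, which names the two challenge methods `plain` and `S256`. The function names are hypothetical, and `server_accepts` is the generic section 4.6 check, assumed here for illustration rather than taken from Zoom's implementation.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

AUTHORIZE_URL = "https://zoom.us/oauth/authorize"  # endpoint named in the post

def b64url(data: bytes) -> str:
    """BASE64URL without '=' padding (RFC 7636, appendix A)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def new_code_verifier(n_bytes: int = 32) -> str:
    """Random verifier; 32 bytes encode to 43 chars, the RFC minimum length."""
    return b64url(secrets.token_bytes(n_bytes))

def code_challenge(verifier: str, method: str = "S256") -> str:
    """Derive the challenge; RFC 7636 section 4.2 defines 'plain' and 'S256'."""
    if method == "S256":
        # Hash the ASCII verifier, then base64url the raw digest (not its hex).
        return b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    if method == "plain":
        return verifier
    raise ValueError(f"unknown code_challenge_method: {method!r}")

def authorize_url(client_id, redirect_uri, state, verifier):
    """Step 1: send only the challenge; the verifier stays with the client."""
    query = {
        "response_type": "code", "client_id": client_id,
        "redirect_uri": redirect_uri, "state": state,
        "code_challenge": code_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_URL + "?" + urlencode(query)

def token_request_body(code, redirect_uri, verifier):
    """Step 2: form-encoded body carrying the same verifier used in step 1."""
    return urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": redirect_uri, "code_verifier": verifier})

def server_accepts(stored_challenge, stored_method, presented_verifier):
    """Generic RFC 7636 section 4.6 check made at the token endpoint."""
    try:
        expected = code_challenge(presented_verifier, stored_method)
    except ValueError:
        return False  # method the server does not recognise
    return secrets.compare_digest(expected, stored_challenge)
```

The verifier must be the exact string whose hash was sent as `code_challenge`, kept by the client between the two requests.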