Step 1, I am acquiring an authorization code from authorize endpoint.
On step 2 I am hitting this endpoint: https://zoom.us/oauth/token and passing the value from step 1 to the code field.
I am passing “grant_type” as “authorization_code”.
Here is the response being provided: {“reason”:“unsupported grant type”,“error”:“unsupported_grant_type”}
Why is it saying “unsupported grant type?” This is exactly what the docs instruct you to do.
Hi @alanj
Thanks for reaching out to us and welcome to our community!
Have you been able to identify your issue here? are you still having trouble getting your access_token via OAuth?
@elisa.zoom This is nothing like the zoom guide I have been following in the slightest. Why isn’t the flow I linked in the original post not working? The guide you linked does not even use the same endpoints and is entirely at odds with the documentation.
Edit: I’ve just edited the above guidance to include the up to date information for manual OAuth authorization. Please reference our Postman workspace which accurately conveys what’s shared in our docs:
@gianni.zoom I am still getting the same error after switching to a user level app and following the postman steps - I can obtain an authorization code just fine, but when I send that value in the code to the token endpoint, I receive an error in JSON that says unsupported grant type. It is also unclear why the endpoint asks for a redirect_uri, when the endpoint should simply return the access token and not redirect the user. The server itself is making this call, not the customer.
Are you creating an OAuth application or a Server-to-Server OAuth application? OAuth applications usually use a grant_type value of authorization_code and a Server-to-Server OAuth application uses a grant_type value of account_credentials.
Make sure to format the request body as a query string to align with the Content-Type: application/x-www-form-urlencoded header you’re passing. I feel that the OAuth 2.0 for user authorized apps walkthrough is providing misleading examples of what your request should look like.
Can you provide a code snippet of how you’re producing the request to https://zoom.us/oauth/token? I’m particularly interested in the headers are being prepared and how the body is being generated. Our application is sending Content-Type: application/x-www-form-urlencoded; charset=utf-8 and using PHP’s http_build_query function to produce the query string which should yield a body like grant_type=authorization_code&code=&redirect_uri=.
Per the PHP documentation for curl_setopt’s CURLOPT_POSTFIELDS, I’m concerned that you are taking a contradictory position on Content-Type where passing a PHP array implies a Content-Type of multipart/form-data (which I don’t think Zoom officially accepts), while you are intending to use application/x-www-form-urlencoded (which Zoom is known to accept). Can you verify the actual headers that are being sent?
Per php’s curl documentation, if CURLOPT_POSTFILEDS is set to an array, then boundary is automatically set and the multipart/form-data is set as well. I will try passing in & delimited parameters and get back to you very shortly.