Invalid Redirect: {url} (4700)

Hello,

I am doing some discovery on our existing Zoom applications and how they are configured before we adopt the required conversion and make the necessary DSA updates to be in compliance with European standards.

I am attempting to test our app integration by trying to connect an application to a local environment. I think I have gone through and set up all of the requisite connection points, but I keep receiving an error on the Zoom side of things indicating that my redirect URL is invalid.

I have confirmed that the URL is correct both by hitting it via my local environment and leveraging the Authorization URL value from the app management page. Unfortunately, the Authorization URL does not include the state query string parameter which we require on our end; this results in my test in that manner failing.

If I go through the normal process flow we have, then I can get to Zoom and authenticate (https://zoom.us/oauth/authorize?response_type=code&client_id=...&redirect_uri=https://liveinterview.local.hvue.io/api/zoom/OAuthReturn&state=…), but I never get redirected back out. I ultimately land on the Zoom website with the following error:

Invalid redirect: https://liveinterview.local.hvue.io/api/zoom/OAuthReturn (4,700)

I have added the above URL to the allow list for the app, but it still doesn’t seem to like it. The name of the application is “HireVue - Local Development”.

At this time, I am at a bit of a loss as to why the URL would be considered invalid and I am looking for guidance on what changes might be required to facilitate getting a successful connection and test to the marketplace app.

Thanks,

Aaron

Hi @ModernHire
Thanks for reaching out to us.
Happy to help here! Is this issue happening when adding the development or production version of your app? Have you tried Base64-encoding or URL-encoding your state params if they include special characters?

Hi Elisa,

This appears to be occurring with both the development and the production version of the app. From what I can tell, the old return URL is “stuck” and keeps getting used instead of the new domain that was specified.

In looking through other posts, I did notice that there were some replies indicating that the changes would not take effect until the application was successfully published; is this true for both versions of the app or just the production version?

I am working through the necessary steps to try to get the application published to see if this will get me unblocked. I am currently waiting on domain verification steps to be completed.

Thanks,

Aaron

Hi @ModernHire
If you make any changes to your app, you should always submit your app for update review; that way, the changes you’ve made will be reflected in production.

I have been informed that I cannot publish this application, because it is intended to be used for local development purposes only.

I have attempted to install the Zoom app via our application, but I am consistently getting the Invalid redirect: https://liveinterview.local.hvue.io/api/zoom/OAuthReturn (4,700) response from the https://zoom.us website. The URL that I need to redirect to is a locally running environment, but I do know that the URL works.

The code we have on our end is set up to expect a Base64-encoded state parameter in the query string, which we then decode. However, the authorization URL available when managing the Zoom application (https://zoom.us/oauth/authorize?response_type=code&client_id=QwX7AeSmQK6u1hfSqo7pxA&redirect_uri=https://liveinterview.local.hvue.io/api/zoom/OAuthReturn) does not contain the state parameter. As a result, our code throws a null reference exception and the system fails to connect the two applications together.

What needs to be done so that Zoom will allow me to connect using the local environment redirect URL?

We are quickly approaching the deadline for updating our EU application to comply with DSA and these blockers will likely ensure that we miss that deadline.

Thanks,

@ModernHire
Let me reach out to the Marketplace team to ask more about this.

Hey @ModernHire, thanks for your patience here!
Internal-only apps should not be impacted by DSA blocking authorization of non-DSA apps.

Hi Elisa,

I think I may have had a breakthrough regarding the behavior I was experiencing.

It appears that we had some rogue settings on our end that were routing our local applications to the wrong marketplace app (via ClientID), and this caused the issues with the redirect URL we supplied being rejected.

I am chasing down some documentation updates on our end to better explain the configuration process, so that this will hopefully not cause issues for developers in the future.

I think, at this time, we can consider this issue solved.

Thank you.

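Both problems in this thread can be caught on the integrator's side before the user ever reaches Zoom: a client ID that points at a different Marketplace app than the one whose allow list holds the redirect URL, and a callback that arrives without a state parameter. The following Python is an added example, not code from the poster or from Zoom; the client IDs, hosts, the allow-list table and the nonce field inside state are constructed placeholders, and exact string matching of redirect URLs is an assumption.

```python
import base64
import hmac
import json
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholders: mirror each app's allow list next to its client ID.
APP_ALLOW_LISTS = {
    "CLIENT_ID_LOCAL_DEV": {"https://app.local.example/api/zoom/OAuthReturn"},
    "CLIENT_ID_PRODUCTION": {"https://app.example.com/api/zoom/OAuthReturn"},
}
AUTHORIZE_ENDPOINT = "https://zoom.us/oauth/authorize"


def build_authorize_url(client_id, redirect_uri, state_obj):
    """Build the authorize URL, failing early on a client_id/redirect_uri mismatch."""
    allowed = APP_ALLOW_LISTS.get(client_id)
    if allowed is None:
        raise ValueError(f"unknown client_id {client_id!r}")
    if redirect_uri not in allowed:  # assumption: exact string comparison
        raise ValueError(f"{redirect_uri!r} is not on the allow list of {client_id!r}")
    state = base64.urlsafe_b64encode(json.dumps(state_obj).encode()).decode()
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "state": state})
    return f"{AUTHORIZE_ENDPOINT}?{query}"


def parse_callback(callback_url, expected_nonce):
    """Return (code, state_obj); raise ValueError instead of crashing on bad input."""
    params = parse_qs(urlsplit(callback_url).query)
    code = params.get("code", [None])[0]
    raw_state = params.get("state", [None])[0]
    if not code:
        raise ValueError("callback has no code parameter")
    if not raw_state:  # e.g. a flow started from a URL that carried no state
        raise ValueError("callback has no state parameter")
    try:
        state_obj = json.loads(base64.urlsafe_b64decode(raw_state.encode()))
    except ValueError as exc:  # covers bad Base64, bad UTF-8 and bad JSON
        raise ValueError("state is not valid Base64-encoded JSON") from exc
    nonce = state_obj.get("nonce", "") if isinstance(state_obj, dict) else ""
    if not hmac.compare_digest(str(nonce).encode(), expected_nonce.encode()):
        raise ValueError("state nonce does not match this session")
    return code, state_obj
```

Rejecting a callback whose state is missing or does not match the session also preserves the CSRF protection that the state parameter exists to provide.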