"Invalid request : Redirect URI mismatch." when requesting access token after signing into Zoom during OAuth flow

Description
I have a Zoom app set up to create and manage meetings and webinars, which we have tested and is working. The OAuth flow only works if users are already signed into Zoom. If they are required to sign into Zoom during the OAuth flow, the error “Invalid request : Redirect URI mismatch” is returned when requesting the access token from Zoom. The redirect URI is identical in both cases, the only difference being the signed-in state on Zoom.

Error
When requesting the access token with a fresh code from the OAuth flow, this error is returned.
{"reason"=>"Invalid request : Redirect URI mismatch.", "error"=>"invalid_request"}

Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth

Which Endpoint/s?
/oauth/token POST endpoint.

How To Reproduce (If applicable)
Steps to reproduce the behavior:

  1. Ensure you are signed out from the Zoom website.
  2. Start the OAuth flow, integrated based off this guide https://marketplace.zoom.us/docs/api-reference/using-zoom-apis.
  3. Sign into Zoom
  4. Authorize the app
  5. Take code and redirect url and request an access token
  6. “Invalid request : Redirect URI mismatch.” error is returned instead of token.

If you follow these same steps, but are already signed into the Zoom website, the access token will be returned, no error.
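
Added example (not part of the original post and not Zoom's code): a Ruby check that pulls the `redirect_uri` out of the authorize URL and out of the `/oauth/token` request body, as logged for the signed-in and signed-out runs described above, and reports every component that differs. The `app.example.com` host, the sample URLs and bodies, and the function names are constructed for illustration.

```ruby
require "uri"

# Constructed sample values, as they would be copied from client-side logs.
SAMPLE_AUTHORIZE_URL = "https://zoom.us/oauth/authorize?response_type=code" \
  "&client_id=CONSTRUCTED_ID&redirect_uri=https%3A%2F%2Fapp.example.com%2Fzoom%2Fcallback"
SAMPLE_TOKEN_BODY_SAME = "grant_type=authorization_code&code=CONSTRUCTED_CODE" \
  "&redirect_uri=https%3A%2F%2Fapp.example.com%2Fzoom%2Fcallback"
SAMPLE_TOKEN_BODY_SLASH = "grant_type=authorization_code&code=CONSTRUCTED_CODE" \
  "&redirect_uri=https%3A%2F%2Fapp.example.com%2Fzoom%2Fcallback%2F"

# Return the single redirect_uri value from a form-encoded string, decoded
# once, which is the value the authorization server compares.
def redirect_uri_from_query(query)
  values = URI.decode_www_form(query.to_s)
              .select { |key, _| key == "redirect_uri" }
              .map(&:last)
  raise ArgumentError, "expected one redirect_uri, got #{values.size}" unless values.size == 1
  values.first
end

# Compare the redirect_uri sent to the authorize endpoint with the one sent in
# the token request. Returns [] when the two are byte-identical, otherwise a
# list of human-readable differences.
def redirect_uri_mismatches(authorize_url, token_body)
  sent = redirect_uri_from_query(URI.parse(authorize_url).query)
  exchanged = redirect_uri_from_query(token_body)
  return [] if sent == exchanged

  begin
    a = URI.parse(sent)
    b = URI.parse(exchanged)
  rescue URI::InvalidURIError
    return ["raw values differ: #{sent.inspect} != #{exchanged.inspect}"]
  end

  diffs = %i[scheme host port path query fragment].filter_map do |part|
    x = a.send(part)
    y = b.send(part)
    "#{part}: #{x.inspect} != #{y.inspect}" unless x == y
  end
  diffs.empty? ? ["raw values differ: #{sent.inspect} != #{exchanged.inspect}"] : diffs
end

puts redirect_uri_mismatches(SAMPLE_AUTHORIZE_URL, SAMPLE_TOKEN_BODY_SLASH)
```

Running it on the values logged from a signed-out run and from a signed-in run shows whether the client sent the same `redirect_uri` in both legs of each flow.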

Hey @AddisonMighty

Thanks for posting on the Zoom Devforum! I am still learning, but I will try my best to help answer your question. 🙂

Check out these related threads that may have the answer you are looking for:

If these threads did not help, please let us know by replying back here and someone from the Developer Relations team will get back to you shortly.

Thanks,
DeveloperBot

Hi DeveloperBot,

None of those issues line up with this new one.

Hey @AddisonMighty,

Check out my post here:

Let me know if that helps! 🙂

Thanks,
Tommy

Hi @tommy,

Thanks for the reply. Unfortunately that issue does not help. My issue only happens when the user has to sign into Zoom during the OAuth flow. If they are already signed into Zoom, no error is encountered. The redirect URI is the same in both cases.

Hey @AddisonMighty,

I have just private messaged you about this. 🙂

Thanks,
Tommy

Hi @tommy

We have exactly the same problem as Nad. If the user is not logged in to his Zoom account at the start of the OAuth flow, and logs in during the flow, then as a result we cannot get his token. The /oauth/token endpoint returns this error:

{
  error: 'invalid_request',
  reason: 'Invalid request: Redirect URI mismatch.'
}

If the user has already been logged in before the start of the OAuth flow, then everything works as expected.
In both cases, we use the same redirect URI and the process from our side is no different. The only difference is whether the user was logged in to his Zoom account.

How to reproduce:

  • Sign out of your Zoom account
  • Start the OAuth flow process
  • Zoom prompts the user to log in
  • Authorize the app
  • The user returns to our site at the redirect URI specified by us earlier in step #2
  • An error occurs when trying to get a token

Steps for which authorization works:

  • Log in to your Zoom account
  • Start the OAuth flow process
  • Authorize the app
  • The user returns to our site at the redirect URI specified by us earlier in step #2
  • Successfully obtaining user’s token

Hey @denis.stebunov,

Please check out my post here:

Let me know if that helps! 🙂

Thanks,
Tommy

Hey @tommy,

Thank you for your response, but it doesn’t solve the problem. Everything works fine if a user has already been logged in on the Zoom website. However, if a user was NOT logged in on the Zoom website prior to clicking the authorization link, and logs in during the process, then it fails with the message above. My understanding is that it’s a bug in Zoom because it either works or fails with exactly the same setup on our side.

Thanks,

Denis

Hey @denis.stebunov,

I have just private messaged you.

Thanks,
Tommy

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.