@jimig and @fahad.beehive,
Thank you for sharing this feedback with us—I’m currently in the process of confirming this concretely with our Engineering team, but this should be the case as @jimig described it.
While Zoom never explicitly supported including app scopes as part of the authorization URL, this was previously ignored in the case that they were included. However, as part of our ongoing commitment of prioritizing security, a recent enhancement was made that will now consider scopes added directly to the authorization URL to be considered invalid. You will need to omit the scope parameter from your URL and let your OAuth Marketplace App handle the scopes for your integration.
Having said this, I completely understand the headache this can cause if you were previously passing the scopes in the auth URL and not seeing any issues with this until recently.
I’ve raised this with our Engineering team and am actively sharing this feedback with them to make sure changes like this are better announced in the future.
Thank you,
Will