"Invalid Token!" error message when trying to refresh oauth token

@tommy before you look into it, the newest refresh tokens are working for me. Wanted to let you know

2 different users are using the same zoom account with our app.

user1 and user2 both authorize our oauth app while being authenticated to the same zoom account.
Next they both call https://api.zoom.us/oauth/token to retrieve their token. Each one gets a different token. Everything is working great at this point.

Our problem comes when user2 calls https://zoom.us/oauth/revoke to revoke its token, as it also revokes user1’s token.

I’m not sure if that’s how the revoke point is supposed to work. Is that supposed to revoke the given token or all the tokens of the associated account? We will have to prevent people from sharing their zoom account otherwise.

Sorry for my english.

I am having this same issue as well. I am wondering if this has to do with not publishing my app? Or having it reviewed?

My understanding is that refresh tokens should last 15 days… however for me… It looks like my refresh token is not lasting more than a couple of hours…

THIS IS MY EXACT ISSUE!!!

Have you been able to resolve this?

I have yet to publish my app or get it reviewed by Zoom as a private app. Will this circumvent my issue?!?

I am banging my head against the wall trying to debug this!!!

For me it was mysql column set to 255 char but the refresh token is bigger

Thanks for the response. I am able to get it to work locally for a bit. So it leads me to believe that it doesn’t have to do with my database storage of the token…

I just tried again and the error persists…

Using my PROD keys (not published or reviewed yet). It seems like my refresh_token is invalid.

Steps to reproduce…

  1. POST ‘https://api.zoom.us/oauth/token’ with grant_type ‘authorization_code’ and the code passed from the redirect.
     • Response = access_token and refresh_token
  2. GET https://api.zoom.us/v2/users/me with access_token from oauth/token response (from step 1)
     • response = zoom user
  3. CREATE user in my DB with user from users/me response
  4. CREATE zoomToken in database associated with user created in step 3. includes access_token, refresh_token, and the token expiration.
  5. (THIS IS WHERE THE ERROR HAPPENS) Attempt to create a meeting with the access_token from step 2…
     I check the expiration and see the token is expired.
     • attempt to refresh access_token…

FULL ERROR:

```
2020-05-18T16:57:34.441228+00:00 app[web.1]: ERROR refreshing token StatusCodeError: 401 - "{\"reason\":\"Invalid Token!\",\"error\":\"invalid_request\"}"
2020-05-18T16:57:34.441234+00:00 app[web.1]:     at new StatusCodeError (/app/node_modules/request-promise-core/lib/errors.js:32:15)
2020-05-18T16:57:34.441235+00:00 app[web.1]:     at Request.plumbing.callback (/app/node_modules/request-promise-core/lib/plumbing.js:104:33)
2020-05-18T16:57:34.441235+00:00 app[web.1]:     at Request.RP$callback [as _callback] (/app/node_modules/request-promise-core/lib/plumbing.js:46:31)
2020-05-18T16:57:34.441236+00:00 app[web.1]:     at Request.self.callback (/app/node_modules/request/request.js:185:22)
2020-05-18T16:57:34.441237+00:00 app[web.1]:     at Request.emit (events.js:310:20)
2020-05-18T16:57:34.441237+00:00 app[web.1]:     at Request.<anonymous> (/app/node_modules/request/request.js:1154:10)
2020-05-18T16:57:34.441237+00:00 app[web.1]:     at Request.emit (events.js:310:20)
2020-05-18T16:57:34.441238+00:00 app[web.1]:     at IncomingMessage.<anonymous> (/app/node_modules/request/request.js:1076:12)
2020-05-18T16:57:34.441238+00:00 app[web.1]:     at Object.onceWrapper (events.js:416:28)
2020-05-18T16:57:34.441238+00:00 app[web.1]:     at IncomingMessage.emit (events.js:322:22)
2020-05-18T16:57:34.441239+00:00 app[web.1]:     at endReadableNT (_stream_readable.js:1187:12)
2020-05-18T16:57:34.441239+00:00 app[web.1]:     at processTicksAndRejections (internal/process/task_queues.js:84:21) {
2020-05-18T16:57:34.441240+00:00 app[web.1]:   statusCode: 401,
2020-05-18T16:57:34.441240+00:00 app[web.1]:   error: '{"reason":"Invalid Token!","error":"invalid_request"}',
```

Hey @tmswartz12,

Can you email your refresh token you are using to developersupport@zoom.us and we will take a look?

Thanks,
Tommy

Hey @beek,

This is the expected flow. Since it is the same Zoom account, there will only ever be one set of valid tokens.

Person A signs into Zoom account 1, and authorizes the app. They get the tokens.
Person B signs into Zoom account 2, and authorizes the app. They get new tokens, but the tokens from Person A will no longer work.

If Person B revokes their access token it will revoke the active access and refresh token.

Does that make sense?

Thanks,
Tommy

Hey @neecholai,

To confirm, is it working now for you? :slight_smile:

Thanks,
Tommy

Emailed!

Thanks for the help Tommy!

You are welcome! :slight_smile:

-Tommy

It makes sense. I will prevent this use case now.

You may have a bug though as the tokens from person A are still working when person B signs into zoom in this scenario.

Thank you for the clarification :+1:

Thank you @tommy. My issue seems to be caused by authenticating into both development and publishable environments using the same Zoom account. Can you confirm that the following scenario will invalidate the original token:

  1. authenticate with the local test app
  2. authenticate with the publishable app

Does this invalidate the token from step 1?

yes, thanks @tommy !

Just to give an update for everyone on what was our issue: only one active accesstoken/refreshtoken pair is allowed per zoom account, per 3rd party application. What was happening with our users is that they would connect our app to their zoom account, and then go to a different tenant of our app and do the same. By doing so, the first tenant’s zoom tokens would become invalid.

We put in a workaround where we delete the invalid creds and it was good enough for our use case.

Thank you @tommy for the troubleshooting session.
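
An added example, not code from any poster in this thread or from Zoom: a refresh handler that persists the rotated pair, rejects tokens a short database column would truncate, and deletes credentials that come back as "Invalid Token!" so the user is sent back through authorization. `TokenStore`, `refreshTokens` and `makeFakeTokenEndpoint` are hypothetical names, and the fake endpoint is a constructed stand-in that assumes one active pair at a time and a new refresh token on every refresh.

```javascript
// Added example. TokenStore, refreshTokens and makeFakeTokenEndpoint are hypothetical names.
class TokenStore {
  constructor(maxLen) { this.maxLen = maxLen; this.rows = new Map(); }
  save(key, tokens) {
    // Fail loudly instead of letting a short column silently truncate a token.
    for (const name of ['access_token', 'refresh_token']) {
      if (tokens[name].length > this.maxLen) {
        throw new Error(`${name} is longer than the ${this.maxLen}-char column`);
      }
    }
    this.rows.set(key, { ...tokens });
  }
  get(key) { return this.rows.get(key); }
  delete(key) { this.rows.delete(key); }
}

// postToken is an injected function that performs the POST to the token endpoint.
async function refreshTokens(store, key, postToken) {
  const current = store.get(key);
  if (!current) return 'reauthorize';
  const res = await postToken({ grant_type: 'refresh_token', refresh_token: current.refresh_token });
  if (res.statusCode === 401) {
    // The stored pair was superseded or revoked: drop it and re-run authorization.
    store.delete(key);
    return 'reauthorize';
  }
  // Persist the new pair before using it (assumption: the old refresh token stops working).
  store.save(key, { access_token: res.body.access_token, refresh_token: res.body.refresh_token });
  return 'refreshed';
}

// Constructed stand-in for the token endpoint: one active pair at a time (assumed model).
function makeFakeTokenEndpoint(tokenLength) {
  let active = null;
  let counter = 0;
  const issue = () => {
    counter += 1;
    active = {
      access_token: `access-${counter}-`.padEnd(tokenLength, 'x'),
      refresh_token: `refresh-${counter}-`.padEnd(tokenLength, 'x'),
    };
    return { statusCode: 200, body: { ...active } };
  };
  const invalid = { statusCode: 401, body: { reason: 'Invalid Token!', error: 'invalid_request' } };
  return {
    authorize: issue, // a new authorization supersedes the previous pair
    postToken: async ({ refresh_token }) =>
      (active && refresh_token === active.refresh_token ? issue() : invalid),
  };
}
```
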

Thanks @beek, we will investigate this. :slight_smile:

-Tommy

Happy to hear @neecholai! :slight_smile:

-Tommy

Hey @hima,

Since the Local (Dev) and Publishable (Prod) environments are different, the tokens should not be invalidated.

They should both work.

Thanks,
Tommy

Hello @tommy,

I’ve read this post and a couple of other similar ones as I am experiencing this scenario with one customer using our integration.

By looking at our logs I cannot find any indication of a failure to save the newest refresh token or any network failure during the request to refresh.

Can I send you the relevant access token, refresh token, and rough time this started occurring to help me determine what happened?

Thanks in advance for the help.

Hey @KGEM,

Please provide which endpoints you are calling when you are receiving this error, and an overview of your architecture so I can help debug.

Thanks,
tommy