"Invalid Token!" when trying to Refresh Token to get a new access_token, refresh_token pair

The access-token expires every hour so I need to use the refresh_token to get a new access_token, refresh_token pair. However I may not be using the latest refresh_token. But how can I know what the latest is? It may have been discarded. Seems like an unrecoverable position to be in! Any way to find out what the latest access-token and refresh_token is? Or even that in fact the refresh_token I’m using is not the latest.

status 401
body {“reason”:“Invalid Token!”,“error”:“invalid_request”}

Which App Type (OAuth / Chatbot / JWT / Webhook)?

Which Endpoint/s?

Additional context
The App Name is actually “Audience Republic Dev”. Just private developing and at the moment we just use one login: arep_engineering@audiencerepublic.com

Hey @chrismurrph,

Thank you for reaching out to the Zoom Developer Forum. Great question! When attempting to authorize with a refresh_token you can check for a 401 response. If you encounter a 401 response, you know that the current refresh_token is invalid.

When a refresh_token is invalid, you’ll want to re-authorize the app in order to obtain a valid access_token and continue with the request.

That being said, if you closely manage the storage of access_tokens and the relevant refresh_tokens such that your app is the only thing authorizing the users, you should be able to greatly minimize the number of times this happens.

I hope that helps! Let me know if you have any questions.


Yes I am getting a 401 when trying to authorize:

status 401
body {“reason”:“Invalid Token!”,“error”:“invalid_request”}

So my question is now how do I ‘re-authorize the app’? Do I need to talk to a person or a page on your web site? Is there documentation for how you ‘re-authorize the app’?

Hey @chrismurrph ,

To reauthorize the app you just install it again, or navigate to the install url! :slight_smile:

Please see Step. 1: https://marketplace.zoom.us/docs/guides/auth/oauth#step-1-request-user-authorization


I filled out the needed information and pressed the “Install” button. It then took me to a blank page:

Opening the browser console I can see this message:

Uncaught TypeError: Cannot read property ‘postMessage’ of null
at oauth?provider=zoom&code=…

I was obviously in as the correct user (not this Panda Bear user), to be able to press the button.

I refreshed this page (where the “Install” button is):


Hoping to see an indication that the App had been installed/activated/authorised. But the page looks the same as before I pressed the button.

I also repeated the “Install” much later in an Incognito browser window, with the same result.

Not sure what was happening there with the “Install” button in my last post. But at https://marketplace.zoom.us/docs/guides/auth/oauth#getting-access-token:


It says “This URL is the same as the Install Button link on the Zoom App Marketplace.” I realised that our front-end must be initiating this URL so I triggered our front end and looked in the logs for the access_token and refresh_token. I found them - and the access_token indeed works! So I now should have a valid refresh_token that will work in an hours time…

Just editing here. The expired access_token was detected and a new pair retrieved and saved to the database.

1 Like

Hey @chrismurrph,

Excellent! I’m glad to hear that everything seems to be working now. As always, feel free to reach out if you encounter any issues or questions. :slightly_smiling_face:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.