"Invalid Token!" when trying to Refresh Token to get a new access_token, refresh_token pair

API and Webhooks
1

Description
The access-token expires every hour so I need to use the refresh_token to get a new access_token, refresh_token pair. However I may not be using the latest refresh_token. But how can I know what the latest is? It may have been discarded. Seems like an unrecoverable position to be in! Any way to find out what the latest access-token and refresh_token is? Or even that in fact the refresh_token I’m using is not the latest.

Error
status 401
body {“reason”:“Invalid Token!”,“error”:“invalid_request”}

Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth

Which Endpoint/s?
https://zoom.us/oauth/token

Additional context
The App Name is actually “Audience Republic Dev”. Just private developing and at the moment we just use one login: arep_engineering@audiencerepublic.com

2

Hey @chrismurrph,

Thank you for reaching out to the Zoom Developer Forum. Great question! When attempting to authorize with a refresh_token you can check for a 401 response. If you encounter a 401 response, you know that the current refresh_token is invalid.

When a refresh_token is invalid, you’ll want to re-authorize the app in order to obtain a valid access_token and continue with the request.

That being said, if you closely manage the storage of access_tokens and the relevant refresh_tokens such that your app is the only thing authorizing the users, you should be able to greatly minimize the number of times this happens.

I hope that helps! Let me know if you have any questions.

Thanks,
Max

4

Yes I am getting a 401 when trying to authorize:

status 401
body {“reason”:“Invalid Token!”,“error”:“invalid_request”}

So my question is now how do I ‘re-authorize the app’? Do I need to talk to a person or a page on your web site? Is there documentation for how you ‘re-authorize the app’?

5

Hey @chrismurrph ,

To reauthorize the app you just install it again, or navigate to the install url! :slight_smile:

Please see Step. 1: https://marketplace.zoom.us/docs/guides/auth/oauth#step-1-request-user-authorization

Thanks,
Tommy

6

I filled out the needed information and pressed the “Install” button. It then took me to a blank page:

Opening the browser console I can see this message:

Uncaught TypeError: Cannot read property ‘postMessage’ of null
at oauth?provider=zoom&code=…

I was obviously in as the correct user (not this Panda Bear user), to be able to press the button.

I refreshed this page (where the “Install” button is):

https://marketplace.zoom.us/develop/apps/gsJwNuabTPOo5x0YuzpfFQ/activation

Hoping to see an indication that the App had been installed/activated/authorised. But the page looks the same as before I pressed the button.

I also repeated the “Install” much later in an Incognito browser window, with the same result.

7

Not sure what was happening there with the “Install” button in my last post. But at https://marketplace.zoom.us/docs/guides/auth/oauth#getting-access-token:

https://zoom.us/oauth/authorize?...

It says “This URL is the same as the Install Button link on the Zoom App Marketplace.” I realised that our front-end must be initiating this URL so I triggered our front end and looked in the logs for the access_token and refresh_token. I found them - and the access_token indeed works! So I now should have a valid refresh_token that will work in an hours time…

Just editing here. The expired access_token was detected and a new pair retrieved and saved to the database.

1 Like
8

Hey @chrismurrph,

Excellent! I’m glad to hear that everything seems to be working now. As always, feel free to reach out if you encounter any issues or questions. :slightly_smiling_face:

Thanks,
Max

9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.