Issues with OAuth state

API Endpoint(s) and/or Zoom API Event(s)
OAuth callback url.

Description

We use an object as our state param for the OAuth url.

{
 "x": "value",
 "y": "value"
}

Recently we have noticed that after authorizing the app on Zoom, the state is returned to us with different encoding.

Previously we would receive

code=CODE&state=%7B%22x%22%3A+%22value%22%2C+%22y%22%3A+%22value%22%7D

And now we receive it with these quot in the query params.

code=CODE&state=%7B%26quot%3Bx%26quot%3B%3A%20%26quot%3Bvalue%26quot%3B%2C%20%26quot%3By%26quot%3B%3A%20%26quot%3Bvalue%26quot%3B%7D

Error?
Our code is expecting the query params to be returned in a consistent format so that we can appropriately parse them.

How To Reproduce
Steps to reproduce the behavior:

  1. Call the OAuth url with a state param that is an object: https://zoom.us/oauth/authorize?response_type=code&client_id=ZOOM_CLIENT_ID&redirect_uri=ZOOM_REDIRECT_URI&state=%7B%22x%22%3A+%22value%22%2C+%22y%22%3A+%22value%22%7D
  2. Inspect the response that comes back after authorizing.
  3. Note the quot in the encoded query params.
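
An added example, not part of the original post and not Zoom's code: it parses the two callback query strings quoted above to show that the second carries HTML-escaped quotes, then builds a state value from base64url JSON plus an HMAC tag that uses only characters neither URL encoding nor HTML escaping rewrites. `SECRET`, `raw_state`, `make_state` and `read_state` are hypothetical names chosen for this sketch.

```python
import base64, hashlib, hmac, html, json
from urllib.parse import parse_qs

SECRET = b"constructed-demo-key"  # assumption: a server-side secret, constructed here

# The two callback query strings quoted in the post above.
OLD = "code=CODE&state=%7B%22x%22%3A+%22value%22%2C+%22y%22%3A+%22value%22%7D"
NEW = ("code=CODE&state=%7B%26quot%3Bx%26quot%3B%3A%20%26quot%3Bvalue%26quot%3B"
       "%2C%20%26quot%3By%26quot%3B%3A%20%26quot%3Bvalue%26quot%3B%7D")

def raw_state(query):
    """Percent-decode the callback query string and return the state value."""
    return parse_qs(query, keep_blank_values=True)["state"][0]

def make_state(payload):
    """Serialize payload as base64url JSON with an HMAC-SHA256 tag appended."""
    data = json.dumps(payload, sort_keys=True).encode()
    body = base64.urlsafe_b64encode(data).rstrip(b"=")
    tag = hmac.new(SECRET, body, hashlib.sha256).hexdigest()
    return f"{body.decode()}.{tag}"

def read_state(state):
    """Check the tag before decoding; raise ValueError if the value was altered."""
    body, sep, tag = state.partition(".")
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not sep or not hmac.compare_digest(tag, expected):
        raise ValueError("state failed integrity check")
    padded = body + "=" * (-len(body) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(padded))

if __name__ == "__main__":
    print("old:", raw_state(OLD))   # plain JSON text
    print("new:", raw_state(NEW))   # same text with &quot; entities
    token = make_state({"x": "value", "y": "value"})
    print("opaque state:", token, "->", read_state(token))
```

Because the state parameter is also the client's CSRF check, the payload should carry a per-session nonce that the callback handler compares against the session before trusting anything else in it.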

We’ve noticed this change as well, and it has broken our installation flow. Could the Zoom team clarify whether this was introduced unintentionally as a bug, or if it’s an intentional change we should plan around going forward?

Looking into this @mbolton. Sending you a private message to also get your production client id. Check your notifications.

Hi @mbolton @Canny_Engineering, we’ve discovered this was a breaking change impacting certain customers and have rolled out the fix (ZOOM-1044988). Can you please try again?

Thanks for the quick fix! Looks good on my end.