Issues with OAuth state

API Endpoint(s) and/or Zoom API Event(s)
OAuth callback URL.

Description

We use an object as our state param for the OAuth URL.

{
 "x": "value",
 "y": "value"
}

Recently we have noticed that after authorizing the app on Zoom, the state is returned to us with different encoding.

Previously we would receive

code=CODE&state=%7B%22x%22%3A+%22value%22%2C+%22y%22%3A+%22value%22%7D

And now we receive it with these quot in the query params.

code=CODE&state=%7B%26quot%3Bx%26quot%3B%3A%20%26quot%3Bvalue%26quot%3B%2C%20%26quot%3By%26quot%3B%3A%20%26quot%3Bvalue%26quot%3B%7D

Error?
Our code is expecting the query params to be returned in a consistent format so that we can appropriately parse them.

How To Reproduce
Steps to reproduce the behavior:

  1. Call the OAuth URL with a state param that is an object: https://zoom.us/oauth/authorize?response_type=code&client_id=ZOOM_CLIENT_ID&redirect_uri=ZOOM_REDIRECT_URI&state=%7B%22x%22%3A+%22value%22%2C+%22y%22%3A+%22value%22%7D
  2. Inspect the response that comes back after authorizing.
  3. Note the quot in the encoded query params.

We’ve noticed this change as well, and it has broken our installation flow. Could the Zoom team clarify whether this was introduced unintentionally as a bug, or if it’s an intentional change we should plan around going forward?
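
An added example, not part of the thread above and not Zoom's code: it parses both callback forms quoted in the first post, then shows a state encoding that an HTML-escaping hop cannot alter (base64url JSON plus an HMAC tag and a per-session nonce). The key, the function names and the nonce field are assumptions made for the illustration.

```python
import base64, hashlib, hmac, html, json, secrets
from urllib.parse import parse_qs, urlencode

SECRET = b"constructed-demo-key"  # assumption: server-side key, never placed in the URL

# The two callback query strings quoted in the first post.
OLD_CALLBACK = "code=CODE&state=%7B%22x%22%3A+%22value%22%2C+%22y%22%3A+%22value%22%7D"
NEW_CALLBACK = ("code=CODE&state=%7B%26quot%3Bx%26quot%3B%3A%20%26quot%3Bvalue%26quot%3B"
                "%2C%20%26quot%3By%26quot%3B%3A%20%26quot%3Bvalue%26quot%3B%7D")

def parse_json_state(query: str) -> dict:
    """Compatibility path: accept raw JSON state with or without HTML entities."""
    state = parse_qs(query)["state"][0]      # percent-decoding only
    return json.loads(html.unescape(state))  # &quot; -> " (no-op on the old form)

def make_state(payload: dict, session_nonce: str) -> str:
    """Encode state with only [A-Za-z0-9_.-] so no escaping layer can change it."""
    raw = json.dumps({"p": payload, "n": session_nonce}, sort_keys=True).encode()
    body = base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    tag = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"

def read_state(state: str, session_nonce: str) -> dict:
    """Verify integrity and session binding before trusting the payload."""
    body, _, tag = state.partition(".")
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        raise ValueError("state integrity check failed")
    data = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if not hmac.compare_digest(str(data["n"]).encode(), session_nonce.encode()):
        raise ValueError("state does not belong to this session")
    return data["p"]

def round_trip(payload: dict) -> dict:
    """Simulate authorize -> callback with an HTML-escaping hop in between."""
    nonce = secrets.token_urlsafe(16)  # stored in the user's session in practice
    sent = make_state(payload, nonce)
    callback = urlencode({"code": "CODE", "state": html.escape(sent)})
    return read_state(parse_qs(callback)["state"][0], nonce)

if __name__ == "__main__":
    print(parse_json_state(OLD_CALLBACK), parse_json_state(NEW_CALLBACK))
    print(round_trip({"x": "value", "y": "value"}))
```
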