Jwt authentication starts return 401 at 2023-06-09 13:00 UTC+9

imaxsoft2 · June 9, 2023, 6:12am

We have using JWT server-to-server authentication

and several days ago heard JWT has deprecated at June 1, and extended end-of-life date to September 1.

from Migrating the Zoom app in Azure to OAuth – Zoom Support

but today JWT authentication starts return 401 suddenly at 2023-06-09 13:00 UTC+9

We not updated any programs, account settings, APIs.
but some accounts are meet this trouble, some are normal.

401 case response =>
https://api.zoom.us/v2/users/[!!!EMAIL!!!] >>> [401]Unauthorized
[2023-06-09 14:21:07,432] [ERROR] response >>> {“code”:124,“message”:“Invalid access token.”}

details
==================================
[2023-06-09 14:21:07,430] [ERROR] null : [HTTP/1.1 401 Unauthorized]
[2023-06-09 14:21:07,430] [ERROR] expires : [Thu, 01 Jan 1970 00:00:00 GMT]
[2023-06-09 14:21:07,430] [ERROR] CF-RAY : [7d46ede29f5e0aa6-KIX]
[2023-06-09 14:21:07,430] [ERROR] Server : [cloudflare]
[2023-06-09 14:21:07,430] [ERROR] Connection : [keep-alive]
[2023-06-09 14:21:07,430] [ERROR] pragma : [no-cache]
[2023-06-09 14:21:07,431] [ERROR] Date : [Fri, 09 Jun 2023 05:21:07 GMT]
[2023-06-09 14:21:07,431] [ERROR] set-cookie : [zm_aid=“”; Domain=.zoom,us; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; HttpOnly]
[2023-06-09 14:21:07,431] [ERROR] CF-Cache-Status : [DYNAMIC]
[2023-06-09 14:21:07,431] [ERROR] NEL : [{“success_fraction”:0.01,“report_to”:“cf-nel”,“max_age”:604800}]
[2023-06-09 14:21:07,431] [ERROR] content-disposition : [inline;filename=f.txt]
[2023-06-09 14:21:07,431] [ERROR] Cache-Control : [no-cache, no-store, must-revalidate, no-transform]
[2023-06-09 14:21:07,431] [ERROR] x-content-type-options : [nosniff]
[2023-06-09 14:21:07,432] [ERROR] Report-To : [{“endpoints”:[{“url”:“https://a.nel.cloudflare.com/report/v3?s=kUP6eIFumxmOgaU7wLxLOMPtvbGzHU9o%2F4AlLLMjrsU5M5MWBEChYYLEYyRsa2ntXxS4LeTe3s4LX%2F4xgROWIZrhfy%2BpH2%2BZhId5uUOwArviNfF8KutDd8QWQcu3”}],“group”:“cf-nel”,“max_age”:604800}]
[2023-06-09 14:21:07,432] [ERROR] Set-Cookie : [__cf_bm=etQof5LPpx8a5neJxc9hveVC6I6qdDbEBBTIyAXqdUg-1686288067-0-AQBbsrLzcV+L3eaA4evaK1By3x4y7XUYHgrygUHkPRxcFMiIyqhPK2hG4nHvV9bC7f3cPtZFTAxgVyZIiOBxcqg=; path=/; expires=Fri, 09-Jun-23 05:51:07 GMT; domain=.zoom,us; HttpOnly; Secure; SameSite=None, _zm_mtk_guid=46e36d98e4ad4364afa79f967ed813e7; Domain=.zoom,us; Expires=Sun, 08-Jun-2025 05:21:07 GMT; Path=/; Secure, _zm_chtaid=840; Domain=.zoom,us; Expires=Fri, 09-Jun-2023 07:21:07 GMT; Path=/; Secure; HttpOnly, _zm_ctaid=KZcborBqTfeoRvYiuVheug.1686288067106.38d28646cd4a14dd8fe82622630b4531; Domain=.zoom,us; Expires=Fri, 09-Jun-2023 07:21:07 GMT; Path=/; Secure; HttpOnly, cred=C6A0890F6B696A9DB20AAE2164A31743; Path=/; Secure; HttpOnly, zm_htmaid=“”; Domain=.zoom,us; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; HttpOnly, zm_tmaid=“”; Domain=.zoom,us; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; HttpOnly, zm_haid=“”; Domain=.zoom,us; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; HttpOnly]
[2023-06-09 14:21:07,432] [ERROR] alt-svc : [h3=“:443”; ma=86400]
[2023-06-09 14:21:07,432] [ERROR] x-zm-trackingid : [v=2.0;clid=aw1;rid=WEB_b09315d925114f208da7d3fdc9634ece]
[2023-06-09 14:21:07,432] [ERROR] Content-Length : [46]
[2023-06-09 14:21:07,432] [ERROR] x-zm-zoneid : [VA]
[2023-06-09 14:21:07,432] [ERROR] Content-Type : [application/json;charset=UTF-8]
[2023-06-09 14:21:07,432] [ERROR] ---------------------------------------
[2023-06-09 14:21:07,432] [ERROR] response >>> {“code”:124,“message”:“Invalid access token.”}

==================================

jharris1 · June 9, 2023, 1:26pm

Another Zoom integrator here. We see the same thing - currently a JWT integrator with plans to move to OAuth within the timeframe publicly established (as linked above). But sometime after 10:45PM ET we see NO new calls in the call log and our system also responds with an Invalid Access Token.

HELP?!

aalamour · June 9, 2023, 2:07pm

Yes, we started receiving the the same error since last night at 10:57 EDT
*{“code”:124,“message”:“Invalid access token.”}
Just wondering if there is any downside in Zoom API ?

michael.zoom · June 9, 2023, 4:17pm

@imaxsoft2 , @jharris1, @aalamour we’ll look into this and get back to you here with more information ASAP.

aalamour · June 9, 2023, 4:30pm

We found workaround by hardcoding the Zoom token in our code , but this is temporary solution until fix the issue in Zoom API.

michael.zoom · June 9, 2023, 4:37pm

@aalamour , what are the details of that hardcoded token? Previously created tokens are working, but newly generated tokens do not work?

aalamour · June 9, 2023, 4:53pm

Hi,

I have got the token from developer account and make it expire after one week and hardcoded it in my code that calls Zoom API. So my call now use the same token eveny time calls Zoom API.

michael.zoom · June 9, 2023, 4:56pm

@aalamour can you share the function you’re using to generate the token that does not work?

michael.zoom · June 9, 2023, 4:58pm

@jharris1 @imaxsoft2 , we are continuing to investigate with our service engineering team. In the interim, from what I see, if you go to your JWT app and retrieve a token and use this manually, API requests will work. This should restore service.

jharris1 · June 9, 2023, 5:35pm

Adding the key ‘manually’ is not an approach we can use easily with a compiled app that must go thru a QA/test/release cycle - and then have to be switched BACK after you implement your fix?!

michael.zoom · June 9, 2023, 5:44pm

Understood completely, John. We’re still working on root cause, as we’re only seeing these issues on a small subset of accounts. I’ve sent you an email through your support ticket, if you can share additional details there, we’d greatly appreciate it.

jharris1 · June 9, 2023, 6:24pm

In addition, we note that the typ parameter in the header and the ‘aud’ claim in the payload are different in the tokens that HAD been working from our application versus the ‘manual’ JWT token that your page in now generating.

OLD tokens
typ=JWT
aud=[blank]

NEW tokens
typ is missing
aud=null

Perhaps Zoom’s token generation and validation changed as a result of some code change?

jharris1 · June 9, 2023, 6:56pm

After more research, we also notice that we had been sending quotes around the aud, exp, and iat claims, and your new tokens apparently don’t have that, which still might point to new validation logic on the Zoom side.

aalamour · June 9, 2023, 7:33pm

@michael.zoom

Yes , we have been using the standard token generation method in our code and it has been working fine until last night. since last night, we are started receiving the invalid token error. We already opened case with Zoom support and waiting the response.

aalamour · June 9, 2023, 7:37pm

@michael.zoom

It is the standard function mentioned in Zoom developer documentation that we have been using it since two years till date and it was working all the times. We didn’t make any change on it in our side. Wondering why Zoom API is not accepting it since last night. Was there any update on Zoom API or it is issue in the API ?

Thanks.

jharris1 · June 9, 2023, 7:50pm

It looks like the issue was resolved based on the feedback we provided above. I look forward to Zoom’s RCA.

aalamour · June 9, 2023, 9:00pm

@jharris1

Could you please share with me the link for this post ?

jharris1 · June 12, 2023, 2:22pm

Zoom Status - A subset of users are unable to access zoom API with JWT tokens

Topic		Replies	Views
JWT apps to be deprecated in favor of Server-to-Server OAuth Authentication	46	8627	April 25, 2023
Access token expired API and Webhooks	1	289	June 28, 2023
oAuth2 Authentication for Zoom Room Schedule API API and Webhooks	7	1095	August 12, 2022
JWT app returns "invalid token" API and Webhooks	26	3630	July 30, 2020
Intermittent 401 error when getting users with a server-to-server OAuth app credentials Authentication api	2	805	June 8, 2023

Jwt authentication starts return 401 at 2023-06-09 13:00 UTC+9

Related Topics