Longevity of OAuth UserManaged code

when an user provide authorization to Marketplace application and Zoom sends code as querystring to RedirectURLforOAuth…how long is that code valid to utilize with Zoom application client ID/SECRET to generate access/refresh token? thanks…

Hi @sabraha5, an authorization code is unique to each authorization and should be used immediately to retrieve an access token. I’d store/cache the refresh token to get a new access token rather than the authorization code.

hey @michael.harrington…thank you for the response…we are working through the process of handling the RedirectURLforOAuth request and determining whether we needed to generate the access/refresh token immediately…but there isn’t a defined lifetime for the authorization code but best practice to utilize immediately to retrieve access/refresh token and keep those secure…appreciate your feedback/guidance!

Hey @sabraha5,

The correct flow is to get the access / refresh tokens immediately upon redirect. :slight_smile:

Thanks,
Tommy

1 Like