OAuth Access Tokens

I’m using a Server-to-Server OAuth app to:

  1. Get notified when a meeting recording is complete
  2. Attempt to download the recording files using the download token
    2.1. Save the download token in a DB in case a download fails
  3. Check manually/automatically for failed downloads and retry:
     • If the download token has expired, get a new OAuth access token
     • If it hasn’t, use the same download token

The process described above is run asynchronously in multiple threads, so multiple downloads can be running at once.
This means that multiple threads may try to get an OAuth access token, or use the same download token for different files of the same recording at the same time.

The problem is, sometimes downloads fail because Zoom returns with a 401 status code. This happens randomly with either download or access tokens.

What could this be? Do both token types become invalid after use? Is there any other limiting factor?

From what I’ve seen there are several issues with Server-to-Server OAuth tokens.

I’ve never been able to download recordings using a Server-to-Server OAuth token, only the provided download token, which as you pointed out, only lasts for an hour. (JWT tokens work fine :confused: )

Even if the Server-to-Server OAuth tokens did work, if you have multiple threads all requesting access tokens, they’re stepping on each other since each request for an access token invalidates the previous token… so you have to request a token index increase and manage your own token rotation manually :frowning:
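
Added example, not part of either post above and not Zoom's code: one way to keep concurrent download threads from each requesting their own access token, taking the reply's statement that a new token request invalidates the previous one as the working assumption. `fetch_token`, `SharedTokenCache` and `run_workers` are hypothetical names; `fetch_token` stands in for the real call to the token endpoint.

```python
import threading
import time


class SharedTokenCache:
    """One access token shared by all worker threads, refreshed by one thread at a time."""

    def __init__(self, fetch_token, skew_seconds=60, clock=time.monotonic):
        # fetch_token: hypothetical callable returning (token, lifetime_seconds).
        self._fetch = fetch_token
        self._skew = skew_seconds      # refresh this many seconds before expiry
        self._clock = clock
        self._lock = threading.Lock()
        self._token = None
        self._expires_at = 0.0

    def get(self):
        """Return the cached token; fetch a new one only if missing or near expiry."""
        # The fetch happens under the lock on purpose: threads arriving during a
        # refresh wait for it and reuse the result instead of issuing their own
        # request (which, per the assumption above, would invalidate this one).
        with self._lock:
            if self._token is None or self._clock() >= self._expires_at - self._skew:
                token, lifetime = self._fetch()
                self._token = token
                self._expires_at = self._clock() + lifetime
            return self._token

    def invalidate(self, rejected_token):
        """After a 401, drop the cached token only if it is still the rejected one.

        A thread that was holding an older token must not discard a fresh token
        that another thread has already obtained.
        """
        with self._lock:
            if self._token == rejected_token:
                self._token = None
                return True
            return False


def run_workers(cache, n_threads=8):
    """Constructed demo: n threads ask for a token at once; return what each saw."""
    seen, seen_lock = [], threading.Lock()

    def worker():
        token = cache.get()
        with seen_lock:
            seen.append(token)

    threads = [threading.Thread(target=worker) for _ in range(n_threads)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return seen
```

A worker that receives a 401 would call `invalidate()` with the token it used and then `get()` again before retrying the download once.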