oAuth and create Meeting (error 400)

Description
I am having issues creating a meeting through API.

My workflow:

  • I store the code in the user profile
  • for each call…
    • I try request a new access_token using the code stored in the profile
    • I try use the access_token to create a new meeting

Error

I wish I had any error message to provide. I am mostly getting an code 400 result, no explanation whatsoever

Which App Type (OAuth / Chatbot / JWT / Webhook)?

OAuth

My code

private AccessToken createToken(User user) throws Exception {
    String submitUrl = new StringBuilder("https://zoom.us/oauth/token")
            .append("?grant_type=").append("authorization_code")
            .append("&code=").append(user.getZoomToken())
            .append("&redirect_uri=").append("https://abcd.ngrok.io/zoom/auth")
            .toString();
    Executor ex = Executor.newInstance(httpClient);

    Response response = ex.execute(
            Request.Post(submitUrl).addHeader("Authorization", "Basic " + zoomAppSecret))
    );
    
    final String responseAsString = response.returnContent().asString(Consts.UTF_8);
    AccessToken accessToken = mapper.readValue(responseAsString, AccessToken.class);
    return accessToken;
}

got it running, no need to answer

1 Like

Happy to hear you got it working!

Feel free to post the solution so other developers can benefit!

Thanks,
Tommy

It was a misunderstanding of the workflow on my side. All oAuth workflows I had implemented until now had me re-generating tokens when they expired.

I did not understand why I could not re-generate a token once it was expired, now I understand I have to use the expiration token for that.

It makes the token management a little bit harder, as I have to store much more data on my end, and honestly, I am not sure if this is better from a security perspective. :wink:

It is the first time I have to store…

  • app credentials
  • creation date (so I can calculate expiration)
  • token
  • expiration token for renewal
  • user id

but it is up and running now. It just took me a few more roundtrips to get it up and running.

brgds

Papick

1 Like

Hey @pgtaboada,

That is correct.

At a minimum you’d need to store the access_token, refresh_token, user_id, and expires_in.

Thanks,
Tommy