OAuth broken? "New app" email every time user signs in

Description
Hi. Our app is approved in the Zoom marketplace. For some reason for the last couple of weeks, every time an existing user signs in again via OAuth with their Zoom account, they’re re-prompted to authorize the app’s permissions and they get the “New Zoom app installed” email every time. They have not uninstalled/deauthorized the app in the meantime. I have also checked using the publishable URL directly and the same thing happens.

How To Reproduce (If applicable)
Steps to reproduce the behavior:

  1. Sign in to our app (Prod client ID is 84Uq4MhLSlKpbPfE0G6d2A)
  2. Authorize and get welcome email as expected - then sign out
  3. Sign in again
  4. Be forced to authorize permissions again and unexpectedly receive ‘new app installed’ email again

Prior behavior was that after the app had been authorised the first time, upon subsequent OAuth signins the permissions screen wasn’t re-shown and the users didn’t repeatedly get the ‘New Zoom app installed’ email each time they signed in.

Whilst not getting in the way of using our app, this does add friction and support requests from confused users who think that we’ve changed something and/or are worried they have installed a second app.

Is anyone else experiencing the same thing? Thanks in advance!

Hey @xeio,

During this step, are you calling the revoke access token endpoint at all? If you are, it uninstalls the app for the user.

Thanks,
Tommy

Hi @tommy,

Thanks for the reply! Nope we never call the revoke endpoint and the users don’t uninstall the app in the meantime - it still shows as ‘installed’ for them in the Marketplace. Also their access and refresh tokens both continue to work fine from our side. Yet when they come to sign in again with OAuth they see the authorization screen and recieve the ‘new app’ email every time.

Upon further investigation this issue seemingly only affects users who first authorised the app quite some time ago. For recent users the behavior is different and is as expected - on second/third/etc login with OAuth the scopes screen is skipped and no ‘New app’ email is sent.

This seems very odd!! Could it be a bug in the logic on your side regarding the version of the app in the marketplace? We have made a couple of changes which have been approved and the listing updated over time.

Thanks,
Adam

Thanks @xeio for the additional details.

We will investigate this issue and get back to you with an update. (ZOOM-188468)

-Tommy

Hey @xeio,

This is actually a known issue and is currently scheduled to be fixed later this month.

Thanks,
Tommy

Hi @tommy,

Many thanks for the update. Fingers crossed it’s fixed soon, as users find this quite confusing (and blame us…!)

Hey @xeio,

I will keep you updated on the timeline. :slight_smile:

Thanks,
Tommy

Thanks @tommy - looks like this has been fixed.

Hey @xeio,

I can also confirm that a fix was released—Let us know if you need anything else!

Best,
Will