Hi all,
I’m currently developing a user-level OAuth app and running into an issue when requesting multiple scopes. Here’s the situation:
-
If I set the scope to just
user:read:user, the OAuth flow works perfectly. -
If I set the scope to just
meeting:read:list_meetings, it also works fine. -
However, when I combine both scopes into a single request:
scope=user:read:user meeting:read:list_meetings…I get the following error after login:
Oops! We were unable to complete your request. Please try again. (4700)
This is consistent whether I test it manually via the browser or programmatically via Passport.js (where I pass the scope as a space-delimited string). Here’s an example of the authorization URL I’m using:
https://zoom.us/oauth/authorize?response_type=code
&client_id=n8DX5L5xTHOTnOld8rN9g
&redirect_uri=https://enormous-monarch-frequently.ngrok-free.app/api/auth/zoom/callback
&scope=user:read:user%20meeting:read:list_meetings
A few notes:
-
My app is a user-level app, not account-level.
-
Both scopes are listed in the Zoom App configuration in the Marketplace dashboard.
-
The redirect URI is correctly configured and matches the one registered with the app.
-
I’ve tried reordering the scopes and URL-encoding them manually — no change.
This only happens when two or more scopes are requested. Is this a known issue with Zoom’s OAuth flow or is there some internal limitation or misconfiguration I might have missed?
Any help or clarification would be greatly appreciated. Thanks!
