Oauth malformed redirect_url

Hi there!

I am trying to follow the instructions in GitHub - zoom/zoomapps-customlayout-js: A simple podcaster Zoom App to demonstrate Immersive Mode through our Layers API for creating a Zoom app. After I run it successfully and then try to add my app, I get redirected to the following url https://6a97-96-84-247-65.ngrok.io/auth?code=

This url doesn’t have a state param, and it results in the following error

Error 400
state must be a string

Any ideas what I could try here? I have no changes in my repo from what’s hosted on github.
Thanks!

I’ve tried this both with a “Zoom App” and “Oauth App” through here App Marketplace

Hi @JuanCaicedo , the project you are using will require you to provide a “state” parameter in OAuth authorization requests. Because of this, the authorization request needs to start with the app itself.

There is a section in the README that describes how to install/authorize this app https://github.com/zoom/zoomapps-customlayout-js#usage

More information on OAuth 2.0 “state” parameter https://auth0.com/docs/secure/attack-protection/state-parameters

Hi Daniel! Thanks for the response :grinning: I’ve followed the instructions in that readme and that’s how I end up in this state.

First I start out at my “Homepage”.

This takes me to my homepages /install, which then takes me to the Zoom app

The error message at this point (which is supported by my server logs) suggests that the Zoom app made a request to /auth, but did not send a code along with the request.

I can instead try to add the app through the add link (or button) provided in the Zoom market place

If I do that then I’m sent to /auth?code=\<code\>, but with no state parameter.

the project you are using will require you to provide a “state” parameter in OAuth authorization requests. Because of this, the authorization request needs to start with the app itself.

I don’t understand how I would provide a state parameter here. My understanding is that Zoom would send this parameter as part of putting together the redirect_url. I don’t see where in the flow I have an interaction with this at all :sweat_smile:

@JuanCaicedo apologies for the delay getting back to you. Is this still an issue? The SDK should add the state parameter for you when you click the install link. Let me know if that’s not the case.