The ‘Redirect URL for OAuth’ for my app contains multiple query parameters:
https:// cp. clr. events / ?option=com_jbooka&task=zoom.authenticated
When initiating the OAuth flow from our website to obtain Zoom account access for a user, all works fine if the user is already logged into their Zoom account in their current browser session at the time.
However, we have found that if the user is not already logged into their Zoom account (and so is directed to the login page before the authorisation page), on redirecting the user back to our site, the ‘task’ parameter has been lost from the query string. Instead, we only get ‘option’, ‘code’ and ‘state’ parameters back. This is resulting in us not being able to correctly process the redirect after successful authorisation by the user.
As described above
Which App Type (OAuth / Chatbot / JWT / Webhook)?
https:// marketplace. zoom. us /docs/api-reference/using-zoom-apis#using-oauth
How To Reproduce (If applicable)
Steps to reproduce the behavior:
- Ensure user is not logged into Zoom account
- Initiate OAuth authorisation flow from ClearBookings dashboard. That is, user clicks a button with the following link:
- User is presented with login page, enters credentials and authorises use of Zoom account.
At this point, the Location header in the 302 response returned is as follows (note the redirect_uri parameter is no longer in encoded form here):
And then the above URL returns a 302 response with Location header as follows:
https:// cp. clr. events/?option=com_jbooka&code=3jfHBzLY05_ihwjqmk1QQCDXPXtQpFHJw&state=122670
Best guess is that decoding of the redirect_uri during the login process is causing the loss of the query parameter, though it is not clear why the state parameter or others are not also impacted.
Screenshots (If applicable)
Had to mangle URLs above due to ‘new user’ URL limitation
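Added example, not part of the original post and not Zoom's code: it reproduces the reported symptom under the assumption that one hop in the login flow decodes the authorize URL and re-emits it without re-encoding `redirect_uri`. The host `app.example`, the client id and the code value are constructed placeholders. It also shows why `option` and `state` survive: `option` precedes the first raw `&` inside the nested URL, and `state` was always a top-level parameter.

```javascript
// Constructed values: app.example and CLIENT_ID_PLACEHOLDER are placeholders.
const REDIRECT = "https://app.example/?option=com_jbooka&task=zoom.authenticated";
const AUTHORIZE = "https://zoom.us/oauth/authorize";

// Correct construction: URLSearchParams percent-encodes the nested URL,
// so the "&" inside redirect_uri is sent as %26.
function buildAuthorizeUrl(redirectUri, state) {
  const u = new URL(AUTHORIZE);
  u.searchParams.set("response_type", "code");
  u.searchParams.set("client_id", "CLIENT_ID_PLACEHOLDER");
  u.searchParams.set("redirect_uri", redirectUri);
  u.searchParams.set("state", state);
  return u.toString();
}

// Assumed faulty hop: decode every parameter and join them back together raw.
function rebuildWithoutEncoding(url) {
  const u = new URL(url);
  const pairs = [...u.searchParams].map(([k, v]) => `${k}=${v}`);
  return `${u.origin}${u.pathname}?${pairs.join("&")}`;
}

// What an authorization server would read from a given authorize URL.
function seenByServer(url) {
  const p = new URL(url).searchParams;
  return {
    redirectUri: p.get("redirect_uri"),
    state: p.get("state"),
    strayTask: p.get("task"), // non-null means "task" leaked into the outer query
  };
}

// Where the user lands: code and state appended to the redirect_uri as read.
function finalRedirect(url, code) {
  const { redirectUri, state } = seenByServer(url);
  const back = new URL(redirectUri);
  back.searchParams.set("code", code);
  back.searchParams.set("state", state);
  return back.toString();
}

const good = buildAuthorizeUrl(REDIRECT, "122670");
const bad = rebuildWithoutEncoding(good);
console.log(finalRedirect(good, "CODE")); // task is still present
console.log(finalRedirect(bad, "CODE"));  // only option, code and state remain
```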