OAuth Refresh Response Code

#1

I’m reaching out regarding Zoom’s OAuth Refresh token logic. In all of our other OAuth integrations which support refresh tokens, we expect and do receive a 401 response code when the access token needs to be refreshed.

However, in the case of Zoom, we see you respond with a 400 response code when we attempt any CRUD operations for users. This did not originally trigger a refresh as we are expecting a 401 response code to do so. We, however, built out the logic to support this originally and to ensure safety we were also looking for your response message which previously was ‘Token verification failed’. It seems now that you have made a change to the message and it is now ‘Access token is expired’ and this temporarily broke our refresh logic.

I do see other instances of you responding with a 400 response to other failures in which the access token is not expired so I believe we would want to keep looking for a specific message.

My concern is that you may change this again, which will break our refresh logic again. As I mentioned, other OAuth integrations are using 401 as the response code. Is there a specific reason that you are not, or has this come up with other integrators?

#2

Hi @OneLoginDev,

Thank you for reaching out to us with your concern. This is duly noted by us.

Please allow me some time to work on your request, and I will get back to you with an update soon.

Thanks

#3

Hi @OneLoginDev,

I heard from our developers: this bug will be fixed in our future releases. Although we cannot provide you with a definite timeline, we will update you once it is fixed.

It would also be helpful if you let us know for which APIs you are receiving the 400 response?

Thanks!

#4

Thank you. We are seeing this when using the SCIM API. So when we attempt CRUD operations against the /Users endpoint we get a 400 instead of a 401 that the access token is expired.

https://zoom.us/scim2/Users
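
The refresh trigger discussed in this thread, as an added example that is not part of any post and is not Zoom's or OneLogin's code: it refreshes on a 401, on a 400 carrying either message quoted above, and proactively before expiry, so a future change to the error text degrades gracefully. The `send` and `refresh` callables, the 60-second skew and the substring match on the raw body are assumptions; the thread does not show the response body format.

```python
import time

# Messages quoted in the thread. Matching is a case-insensitive substring test
# on the raw body because the body format is not shown (assumption).
EXPIRED_MARKERS = ("token verification failed", "access token is expired")

def needs_refresh(status, body):
    """True if a response signals an expired access token."""
    if status == 401:
        return True
    if status == 400:
        text = (body or "").lower()
        return any(marker in text for marker in EXPIRED_MARKERS)
    return False

class TokenSession:
    """Wraps a request callable with proactive and reactive token refresh.

    send(token) -> (status, body) and refresh() -> (token, ttl_seconds)
    are hypothetical callables supplied by the caller.
    """
    def __init__(self, send, refresh, skew=60, clock=time.monotonic):
        self._send, self._refresh = send, refresh
        self._skew, self._clock = skew, clock
        self._token, self._expires_at = None, 0.0
        self.refresh_count = 0

    def _renew(self):
        self._token, ttl = self._refresh()
        self._expires_at = self._clock() + ttl
        self.refresh_count += 1

    def request(self):
        # Proactive: refresh shortly before expiry so the error path, and the
        # exact wording of the error, is rarely relied on.
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            self._renew()
        status, body = self._send(self._token)
        # Reactive: refresh and retry once only, so a 400 with an unrelated
        # cause can never drive a refresh loop.
        if needs_refresh(status, body):
            self._renew()
            status, body = self._send(self._token)
        return status, body
```
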