I’m reaching out regarding Zoom’s OAuth Refresh token logic. In all of our other OAuth integrations which support refresh tokens, we expect and do receive a 401 response code when the access token needs to be refreshed.
However, in the case of Zoom, we see you respond with a 400 response code when we attempt any CRUD operations for users. This did not originally trigger a refresh as we are expecting a 401 response code to do so. We, however, built out the logic to support this originally and to ensure safety we were also looking for your response message which previously was ‘Token verification failed’. It seems now that you have made a change to the message and it is now ‘Access token is expired’ and this temporarily broke our refresh logic.
I do see other instances of you responding with a 400 response to other failures in which the access token is not expired, so I believe we would want to keep looking for a specific message.
My concern is that you may change this again, which will break our refresh logic again. As I mentioned, other OAuth integrations are using 401 as the response code. Is there a specific reason that you are not, or has this come up with other integrators?
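
An added example, not part of the original post and not Zoom's or the poster's code: a refresh trigger that accepts a 401 or a 400 carrying either message quoted above, and also refreshes proactively from the token's recorded expiry so that the message match is only a fallback. The `message` field name, the `expires_at` bookkeeping and the `send`/`refresh` callables are assumptions.

```python
import time

# Messages quoted in the post; matched case-insensitively as substrings.
EXPIRED_MESSAGES = ("token verification failed", "access token is expired")
SKEW_SECONDS = 60  # refresh slightly before the recorded expiry


def needs_refresh(status, body):
    """True when a response says the access token must be refreshed."""
    if status == 401:
        return True
    if status == 400 and isinstance(body, dict):
        # Assumption: the error text is in a JSON field named "message".
        message = str(body.get("message", "")).lower()
        return any(known in message for known in EXPIRED_MESSAGES)
    return False  # other 400s are not token problems


def call_with_refresh(send, refresh, token, now=time.time):
    """Run send(access_token) -> (status, body), refreshing at most once.

    token is a dict with "access_token" and "expires_at" (epoch seconds,
    computed from expires_in when the token was issued). refresh(token)
    returns a new token dict. Returns (status, body, token).
    """
    refreshed = False
    if token["expires_at"] - SKEW_SECONDS <= now():
        token, refreshed = refresh(token), True  # proactive path
    status, body = send(token["access_token"])
    if needs_refresh(status, body) and not refreshed:
        token = refresh(token)  # reactive path, single retry
        status, body = send(token["access_token"])
    return status, body, token
```

Capping the refresh at one per call keeps a changed or unrecognised error message from turning into a refresh loop.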