OAuth Refresh Response Code

OneLoginDev · May 9, 2019, 8:33pm

I’m reaching out regarding Zoom’s OAuth Refresh token logic. In all of our other OAuth integrations which support refresh tokens, we expect and do receive a 401 response code when the access token needs to be refreshed.

However, in the case of Zoom, we see you respond with a 400 response code when we attempt and CRUD operations for users. This did not originally trigger a refresh as we are expecting a 401 response code to do so. We, however, built out the logic to support this originally and to ensure safety we were also looking for your response message which previously was ‘Token verification failed’. It seems now that you have made a change to the message and it is now ‘Access token is expired’ and this temporarily broke our refresh logic.

I do see other instances of you responding with a 400 response to other failures in which the access token is not expired so I believe we would want to keep looking for a specific message.

My concern is that you may change this again which will break our refresh logic again. As I mentioned other OAuth integrations are using 401 as the response code. Is there a specific reason that you are not or has this come up with other integrators?

ojus.zoom · May 10, 2019, 6:51pm

hi @OneLoginDev,

Thank you for reaching out to us with your concern. This is a duly noted by us.

Please allow me sometime to work on your request, and I will get back to you with an update soon.

Thanks

ojus.zoom · May 16, 2019, 11:10pm

Hi @OneLoginDev,

I heard from our developers, this bug will be fixed in our future releases, although we cannot provide you with a definite timeline, we will update you once it is fixed.

It would also be helpful if you let us know for which API’s you are receiving the 400 response ?

Thanks!

OneLoginDev · May 20, 2019, 6:14pm

Thank you. We are seeing this when using the SCIM API. So when we attempt CRUD operations against the /Users endpoint we get a 400 instead of a 401 that the access token is expired.

https://zoom.us/scim2/Users

OneLoginDev · May 23, 2019, 9:24pm

@ojus.zoom I’m seeing 401 response codes now when our token is expired. Is this change final on your side? I just want to make sure before we make the change on our side.

ojus.zoom · June 4, 2019, 10:49pm

@OneLoginDev, let me consult about this with our development team, and I will update you soon.

ojus.zoom · June 5, 2019, 4:42pm

Hi @OneLoginDev,

Currently, it is still a bug, and our engineers are working on resolving it. We are expecting it to be fixed in the future releases.

Please follow our changelog for further updates.

Thanks!

Topic		Replies	Views
Refresh token expired API and Webhooks	2	1742	October 25, 2020
Sudden spike in refresh error API and Webhooks	4	372	March 8, 2021
Getting 401 trying to refresh authorization token API and Webhooks	5	8733	August 21, 2020
Oauth refresh 401 error API and Webhooks	2	410	October 8, 2021
Urgent Inquiry🙇‍♂️ We are unable to update access tokens for our customers Authentication api	12	427	January 24, 2023

OAuth Refresh Response Code

Related Topics