How To Reproduce (If applicable)
May not be needed. I expect somewhere somehow I am doing something wrong, even if it worked two weeks ago.
Screenshots (If applicable)
N/A
Additional context
I am POSTing, the Authorization header is in place. The Auth header is the exact same for a user’s initial Auth, and that works perfect. The refresh_token is the refresh_token provided at initial auth.
Hi @kmwill23 - a refresh token is meant to only be used once to request a new token. Are you storing then updating the refresh token that is received from the refreshed access token?
This failure is happening the very time I am using the refresh token. My normal process is to use that fresh token once, and replace it with the new one from this call.
What happens if you attempt to use the refresh_token after the active token has expired? I am doing some debugging now, and the call is successful if I use the refresh_token within the 3599 second expiry time.
Correct. If a user reauthorizes the app, or say “Logs in with Zoom” to your app on a different device, it will generate new tokens, invalidating the old ones.
Few ways you can handle this, update the tokens in your DB so it shares the same tokens between the two logins, or show a message to the other user saying they need to login with Zoom again.