OAuth Tokens invalidated after login with same account elsewhere?

Randolpho · March 13, 2020, 8:58pm

My app is currently using OAuth at a user account level to access the Zoom API.

I have run into an interesting issue and would love some insight.

The OAuth works great, however, I have noticed occasionally that request will return 401 unexpectedly and before its expire time. After investigating, it appears that the token has been invalidated.

I created a couple environments for testing of my app, and I have noticed that if I get a token for the user account in one environment, then get a token for the same user account in another environment, then return to the first environment and try to use the API, I get a 401 error, because the old token is no longer good.

Heck, the issue occurs if I do this in the same environment with two different browsers.

It seems counterintuitive to me that only one token set can be used at a time, and this is intended as a user-level token to enable the user to manage their meetings from our portal.

Did I set up the app wrongly in the marketplace? Or is there a hard line in the sand that only one token can ever be active at a time and thus I’m going to have to re-think how I handle managing a user’s zoom data?

tommy · March 13, 2020, 10:18pm

Hey @Randolpho,

Currently we don’t support multiple tokens for OAuth, however, we are in the process of developing this.

(ZOOM-88936). Stay updated here: https://marketplace.zoom.us/docs/changelog

Thanks for you patience,
Tommy

Randolpho · March 16, 2020, 12:35pm

Well that’s disappointing, but I can work around it.

tommy · March 16, 2020, 4:52pm

Yes, please implement a work around until we support it.

Thanks,
Tommy

felix · May 2, 2020, 8:08pm

Hi @tommy,

I had the same question as @Randolpho and found this thread. For us, it is a bit harder to work around.

Do you know if this feature / bug is to be addressed soon?

Also, you mention “ZOOM-88936”, what looks like a feature / bug code in your response. Is this surfaced anywhere that I can see?

I followed the link to the Zoom changelog, but I don’t see any codes or any way to search or get alerted.

Best,
Felix

tommy · May 6, 2020, 12:09am

Hey @felix,

We have this on our roadmap to implement.

This is for internal tracking

Thanks,
Tommy

felix · May 6, 2020, 12:25am

Thanks for the response! I built a workaround.

Best regards.

michael.zoom · May 8, 2020, 9:47pm

Great, glad to hear it works currently @felix - let us know if there’s anything we can help with in the mean time.

Topic		Replies	Views
Frequent invalid token requests API and Webhooks	8	772	July 11, 2021
Invalidation of refresh tokens Authentication api	0	218	June 15, 2023
User cannot authenticate to zoom API on multiple devices API and Webhooks	3	243	April 27, 2023
Getting Invalid Token when system tries to get a new access token for user API and Webhooks	7	441	September 22, 2021
Questions Regarding OAuth Tokens API and Webhooks	2	419	September 30, 2020

OAuth Tokens invalidated after login with same account elsewhere?

Related Topics