PKCE - Code Challenge Method not supported

Description
I’m attempting to add PKCE to an OAuth flow that previously worked.
Setting code_challenge_method=S256 looks like it should work, according to the RFC and Zoom’s documentation, so what am I missing here?

Error
Web browser displays an error “Code Challenge Method not supported. (4,715)”

Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth

Which Endpoint/s?

https://zoom.us/oauth/

How To Reproduce (If applicable)
Steps to reproduce the behavior:

  1. Submit a URL like
    https://zoom.us/oauth2/login?client_id={_}&response_type=code&redirect_uri={_}&state={_}&code_challenge={_}&code_challenge_method=S256&_x_zm_rtaid={_}&_x_zm_rhtaid={_}

where {_} represents the redacted parts.

  1. Error messages appears “Code Challenge Method not supported. (4,715)”
1 Like

Hey @AJW,

Thank you for reaching out to the Zoom Developer Forum. I’ve been investigating a similar issue and have added your case to the open issue with our engineering team. I’ll be sure to keep you updated. (ZOOM-276777)

Thanks,
Max

Hey @MaxM ,

Same issue here (4.715). I am implementing Zoom OAuth2 for a Flutter desktop app using the oauth2 package. I actually had to modify the package and remove PKCE in order to get the authentication to work.

I appreciate your support,
Jonas

@Jonas @AJW

Try using the value sha256 for the code_challenge_method parameter and let us know if that resolves your issues. We’ll update our documentation around this.

Thanks,
Max

As an update, you will want to make sure that you are using lowercase letters: sha256

Max

This resolves the issue, thank you for the updated information.

1 Like

Hey @AJW,

I’m glad that helped! We’ll make sure to update our documentation and will support different cases in the future.

Thanks,
Max