Questions Regarding OAuth Tokens

FacelessPhoenix · August 31, 2020, 12:36am

I am fairly new to the whole authentication/authorization mechanism with OAuth APIs. The documentation says that refresh tokens are valid for 15 years and I don’t see a way to revoke them which makes me wonder about the security implications.

Is it possible to have more than one valid refresh token or does any subsequent generated token invalidate all previous?
What protections prevent misuse of a compromised refresh token if it doesn’t end up getting used by the application?
I believe the documentation also said that refresh tokens must be used for all subsequent access token requests, but what happens in the case where the refresh token is lost or you don’t have secured persistent memory? Would you go through the whole authorization process again?

DeveloperBot · August 31, 2020, 12:36am

Hey @FacelessPhoenix

Thanks for posting on the Zoom Devforum! I am still learning, but I will try my best to help answer your question.

Checkout this related thread that may have the answer you are looking for:

If this thread did not help, please let us know by replying back here and someone from the Developer Relations team will get back to you shortly.

Thanks,
DeveloperBot

system · September 30, 2020, 10:36am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Refresh Token Validity App Marketplace	8	3608	August 21, 2020
How to refresh token if refresh_token in incorrect API and Webhooks	35	12779	August 21, 2020
Access and refresh token changes in V2 API and Webhooks api	5	1417	September 14, 2023
Zoom Refresh Token Expires For Multi-tenant application API and Webhooks	7	1185	November 2, 2020
Why does refresh token change when generating new access token API and Webhooks	4	1512	August 21, 2020

Questions Regarding OAuth Tokens

Related Topics