{"reason":"Invalid authorization code ***","error":"invalid_grant"}

Hello I am currently getting the error:
{“reason”:“Invalid authorization code [REDACTED]”,“error”:“invalid_grant”}

I used the zoomapp sdk and used the authorize and onauthorized functions on the client side to get the authorization code
{code: “", result: true, timestamp: 1677044707, redirectUri: "https://.ngrok.io/”}

Then I send the code to the backend with a code_verifier to then the server sends a post to
https://zoom.us/oauth/token” with the parameters


No Luck :frowning:
Can someone please help with this Ive been stuck on why its giving authorization code error the last two days


Thanks for posting in the Zoom Developer Forum. Can you share if the code_challenge_method plain or not?


Resource :



Here is my codeChallenge generator:
async function generateCodeChallenge() {
// Generate a random string for the challenge
const challenge = await generateRandomString(64);

        // Convert the challenge to a buffer
        const challengeBuffer = new TextEncoder().encode(challenge);
        // Encode the buffer using plain encoding
        const codeChallenge = btoa(String.fromCharCode(...new Uint8Array(challengeBuffer)));
        // Generate a random string for the verifier
        const verifier = await generateRandomString(64);
        // Convert the verifier to a buffer
        const verifierBuffer = new TextEncoder().encode(verifier);
        // Encode the buffer using base64
        const codeVerifier = btoa(String.fromCharCode(...new Uint8Array(verifierBuffer)));
        return { codeChallenge, codeVerifier };

I am also using zoom app sdk onauthorize to generate the authorization token

async function generateRandomString(length) {
const randomBytes = new Uint8Array(length);
await window.crypto.getRandomValues(randomBytes);
return btoa(String.fromCharCode(…randomBytes)).substring(0, length);

I tried almost everything here is what i’m getting:
{“reason”:"Invalid authorization code ***,“error”:“invalid_grant”}

router.get(‘/zoomcallback’, function(req, res) {

const zoomtokenep = “https://zoom.us/oauth/token”;
const myappredirect = req.query.redirectUri;
if (req.query.code) {
console.log(“CODE VERIFIER”)
const zoomclientid = “Z***”
const zoomclientsec = “T***”
const auth = ‘Basic ’ + Buffer.from(zoomclientid + ‘:’ + zoomclientsec).toString(‘base64’);
var url = zoomtokenep + ‘?grant_type=authorization_code&code=’ +
req.query.code + ‘&code_verifier=’+req.query.code_verifier +’&redirect_uri=’ + myappredirect;
url: url,
headers: {
“Authorization”: auth
}, function(error, response, body) {
if (error) {
console.log("Error when getting Zoom token = " + error);
body = JSON.parse(body);
if (body.access_token) {
accessToken = body.access_token;
// Process and securely store these tokens
res.send({ output: accessToken});
} else {
console.log(“FATAL - could not get zoom token”);

} else {
console.log(“Missing code from Zoom”);