Receiving error "You cannot authorize the app"

josharcher · June 30, 2020, 1:37am

Description
Cannot authorize the application I’m developing. Hitting error “You cannot authorize the app”.

Error
“You cannot authorize the app” when going through the OAuth process

Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth

Which Endpoint/s?
/oauth/authorize?response_type=code
https://zoom.us/oauth/authorize?response_type=code&client_id=ZOOM_CLIENT_ID&redirect_uri=REDIRECT_URL

Screenshots (If applicable)

Additional context
I got this error before and saw other people running into the same issue. I creating a new account, and the issue still persists

josharcher · June 30, 2020, 1:59am

I am the developer of this app. client_id => bkEo4CZBQnNqAuSqIslYg

josharcher · June 30, 2020, 2:04am

Getting this error in the console, not sure if this helps Zoom devs

Access to XMLHttpRequest at ‘https://marketplace.zoom.us/api/v1/apps/bkEo4CZBQnNqAuSqIslYg/@grant?zpk=REDACTED&scopes=meeting:write,recording:write,user:read’ from origin ‘https://zoom.us’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

tommy · June 30, 2020, 10:48pm

Hey @josharcher,

Can I ask what device and browser you are using? Also can you see if there are any errors in the browser console? (ZOOM-173344)

Thanks,
Tommy

josharcher · June 30, 2020, 11:16pm

Hi Tommy,

It’s a 2015 MacBook pro running chrome Version 83.0.4103.116.

First error

Access to XMLHttpRequest at '[https://marketplace.zoom.us/api/v1/apps/Scjgw1tqQ0STWg5L2Pv6Rw/@grant?zpk=eyJhbGciOiJIUzUxMiIsInYiOiIyLjAiLCJraWQiOiIxMGY3YzgyYy04NjU2LTQ5MDAtYWJlZC0yOTE1YWRlNjVkMjYifQ.eyJhdWQiOiJodHRwczovL2FwcC56b29tLnVzIiwibmJmIjoxNTkzNTU4MjI5LCJhY2NvdW50X2lkIjoiaTRTcXRWVFBUMVd6ZFduV2dvV1BsZyIsImF1dGhfaWQiOiJNS2d6NGZBR2hBR1V0L05UL05HdXY1ay9vMjE4QzU5eks0SEhBU3RrVzRvPSIsInVzZXJfaWQiOiJDdXZpekQ3WFI4NjlLWkFobnRqbHJRIiwidXNlcl9uYW1lIjoiSm9zaCBBcmNoZXIiLCJpc3MiOiJodHRwczovL3dlYi56b29tLnVzIiwiZXhwIjoxNTkzNTY1NDI5LCJ0eXBlIjoxLCJpYXQiOjE1OTM1NTgyMjksImp0aSI6ImRjZWJjNTM1LWE2ZjQtNGVhMi1iZDcyLWE1MzY4OGVmNzY1MSJ9.fvEkZAGdNOlShXD621MFO1p4Q67Xl6iiuRB3QpQasjFUC5ZWUWdgyRuOaZjQDiUBddMkci5TvXsbl7Rn8Q3FcQ&scopes=meeting:write,recording:write,user:read&state={%22userId%22:%22l2hWkuaSo4csUnVffJjO%22,%22clientRedirect%22:%22https://pro.sutra.fit/dashboard/business-settings%22}](https://marketplace.zoom.us/api/v1/apps/Scjgw1tqQ0STWg5L2Pv6Rw/@grant?zpk=eyJhbGciOiJIUzUxMiIsInYiOiIyLjAiLCJraWQiOiIxMGY3YzgyYy04NjU2LTQ5MDAtYWJlZC0yOTE1YWRlNjVkMjYifQ.eyJhdWQiOiJodHRwczovL2FwcC56b29tLnVzIiwibmJmIjoxNTkzNTU4MjI5LCJhY2NvdW50X2lkIjoiaTRTcXRWVFBUMVd6ZFduV2dvV1BsZyIsImF1dGhfaWQiOiJNS2d6NGZBR2hBR1V0L05UL05HdXY1ay9vMjE4QzU5eks0SEhBU3RrVzRvPSIsInVzZXJfaWQiOiJDdXZpekQ3WFI4NjlLWkFobnRqbHJRIiwidXNlcl9uYW1lIjoiSm9zaCBBcmNoZXIiLCJpc3MiOiJodHRwczovL3dlYi56b29tLnVzIiwiZXhwIjoxNTkzNTY1NDI5LCJ0eXBlIjoxLCJpYXQiOjE1OTM1NTgyMjksImp0aSI6ImRjZWJjNTM1LWE2ZjQtNGVhMi1iZDcyLWE1MzY4OGVmNzY1MSJ9.fvEkZAGdNOlShXD621MFO1p4Q67Xl6iiuRB3QpQasjFUC5ZWUWdgyRuOaZjQDiUBddMkci5TvXsbl7Rn8Q3FcQ&scopes=meeting:write,recording:write,user:read&state={%22userId%22:%22l2hWkuaSo4csUnVffJjO%22,%22clientRedirect%22:%22https://pro.sutra.fit/dashboard/business-settings%22})' from origin '[https://zoom.us](https://zoom.us)' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Second error

csrf_js:96 GET [https://marketplace.zoom.us/api/v1/apps/Scjgw1tqQ0STWg5L2Pv6Rw/@grant?zpk=eyJhbGciOiJIUzUxMiIsInYiOiIyLjAiLCJraWQiOiIxMGY3YzgyYy04NjU2LTQ5MDAtYWJlZC0yOTE1YWRlNjVkMjYifQ.eyJhdWQiOiJodHRwczovL2FwcC56b29tLnVzIiwibmJmIjoxNTkzNTU4MjI5LCJhY2NvdW50X2lkIjoiaTRTcXRWVFBUMVd6ZFduV2dvV1BsZyIsImF1dGhfaWQiOiJNS2d6NGZBR2hBR1V0L05UL05HdXY1ay9vMjE4QzU5eks0SEhBU3RrVzRvPSIsInVzZXJfaWQiOiJDdXZpekQ3WFI4NjlLWkFobnRqbHJRIiwidXNlcl9uYW1lIjoiSm9zaCBBcmNoZXIiLCJpc3MiOiJodHRwczovL3dlYi56b29tLnVzIiwiZXhwIjoxNTkzNTY1NDI5LCJ0eXBlIjoxLCJpYXQiOjE1OTM1NTgyMjksImp0aSI6ImRjZWJjNTM1LWE2ZjQtNGVhMi1iZDcyLWE1MzY4OGVmNzY1MSJ9.fvEkZAGdNOlShXD621MFO1p4Q67Xl6iiuRB3QpQasjFUC5ZWUWdgyRuOaZjQDiUBddMkci5TvXsbl7Rn8Q3FcQ&scopes=meeting:write,recording:write,user:read&state={%22userId%22:%22l2hWkuaSo4csUnVffJjO%22,%22clientRedirect%22:%22https://pro.sutra.fit/dashboard/business-settings%22}](https://marketplace.zoom.us/api/v1/apps/Scjgw1tqQ0STWg5L2Pv6Rw/@grant?zpk=eyJhbGciOiJIUzUxMiIsInYiOiIyLjAiLCJraWQiOiIxMGY3YzgyYy04NjU2LTQ5MDAtYWJlZC0yOTE1YWRlNjVkMjYifQ.eyJhdWQiOiJodHRwczovL2FwcC56b29tLnVzIiwibmJmIjoxNTkzNTU4MjI5LCJhY2NvdW50X2lkIjoiaTRTcXRWVFBUMVd6ZFduV2dvV1BsZyIsImF1dGhfaWQiOiJNS2d6NGZBR2hBR1V0L05UL05HdXY1ay9vMjE4QzU5eks0SEhBU3RrVzRvPSIsInVzZXJfaWQiOiJDdXZpekQ3WFI4NjlLWkFobnRqbHJRIiwidXNlcl9uYW1lIjoiSm9zaCBBcmNoZXIiLCJpc3MiOiJodHRwczovL3dlYi56b29tLnVzIiwiZXhwIjoxNTkzNTY1NDI5LCJ0eXBlIjoxLCJpYXQiOjE1OTM1NTgyMjksImp0aSI6ImRjZWJjNTM1LWE2ZjQtNGVhMi1iZDcyLWE1MzY4OGVmNzY1MSJ9.fvEkZAGdNOlShXD621MFO1p4Q67Xl6iiuRB3QpQasjFUC5ZWUWdgyRuOaZjQDiUBddMkci5TvXsbl7Rn8Q3FcQ&scopes=meeting:write,recording:write,user:read&state={%22userId%22:%22l2hWkuaSo4csUnVffJjO%22,%22clientRedirect%22:%22https://pro.sutra.fit/dashboard/business-settings%22}) net::ERR_FAILED

Couple questions:

is this a CORS issue on Zoom’s end or my end?
does this have something to do with passing state in the Zoom oauth request? I’m trying to pass an URI encoded json object with some user state.

Josh

pb_zoom · July 1, 2020, 5:48pm

@josharcher I had a similar issue, although I was including the “|” character in my state parameter.

Encoding fixed the issue for the most part, but even encoding the | didn’t take, so I switched to an underscore.

Seems to be a recent change b/c I had no issues using the | before, nor the need to use the encodeURIComponent function.

I suggest keeping your state as simple as possible. Perhaps base64 encode it if it can fit within the url limit.

tommy · July 6, 2020, 5:56pm

Hey @pb_zoom, @josharcher,

Our engineering team is aware of the issue and investigating this. While the team is yet to confirm the exact cause of error, upon initial review, they suspect the issue lies with this specific use of the state parameter. In the meantime they have advised that you revise the OAuth URL to not use a state parameter and it should resolve the authorization error.

For a quick resolution, if you still plan to use the state parameter you can try either of these options.

Option 1:
If possible please limit to using a single value in the state parameter.
https://zoom.us/oauth/authorize?response_type=code&client_id=CLIENT_ID&redirect_uri=REDIRECT_URL&state=STATE_STRING

Option 2:
Make use of the base64UrlEncode or base64Encode function to encode the state parameter
https://zoom.us/oauth/authorize?response_type=code&client_id=CLIENT_ID&redirect_uri=REDIRECT_URL&state=BASE64_ENCODED_STRING

The engineering team is investigating this at priority and we will keep you updated on the status. Let me know if neither of these help resolve the error you are encountering.

Thanks,
Tommy