Receiving error "You cannot authorize the app"

Description
Cannot authorize the application I’m developing. Hitting error “You cannot authorize the app”.

Error
“You cannot authorize the app” when going through the OAuth process

Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth

Which Endpoint/s?
/oauth/authorize?response_type=code
https://zoom.us/oauth/authorize?response_type=code&client_id=ZOOM_CLIENT_ID&redirect_uri=REDIRECT_URL

Additional context
I got this error before and saw other people running into the same issue. I created a new account, and the issue still persists.

I am the developer of this app. client_id => bkEo4CZBQnNqAuSqIslYg

Getting this error in the console, not sure if this helps Zoom devs

Access to XMLHttpRequest at ‘https://marketplace.zoom.us/api/v1/apps/bkEo4CZBQnNqAuSqIslYg/@grant?zpk=REDACTED&scopes=meeting:write,recording:write,user:read’ from origin ‘https://zoom.us’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Hey @josharcher,

Can I ask what device and browser you are using? Also can you see if there are any errors in the browser console? (ZOOM-173344)

Thanks,
Tommy

Hi Tommy,

It’s a 2015 MacBook Pro running Chrome version 83.0.4103.116.

First error

Access to XMLHttpRequest at 'https://marketplace.zoom.us/api/v1/apps/Scjgw1tqQ0STWg5L2Pv6Rw/@grant?zpk=eyJhbGciOiJIUzUxMiIsInYiOiIyLjAiLCJraWQiOiIxMGY3YzgyYy04NjU2LTQ5MDAtYWJlZC0yOTE1YWRlNjVkMjYifQ.eyJhdWQiOiJodHRwczovL2FwcC56b29tLnVzIiwibmJmIjoxNTkzNTU4MjI5LCJhY2NvdW50X2lkIjoiaTRTcXRWVFBUMVd6ZFduV2dvV1BsZyIsImF1dGhfaWQiOiJNS2d6NGZBR2hBR1V0L05UL05HdXY1ay9vMjE4QzU5eks0SEhBU3RrVzRvPSIsInVzZXJfaWQiOiJDdXZpekQ3WFI4NjlLWkFobnRqbHJRIiwidXNlcl9uYW1lIjoiSm9zaCBBcmNoZXIiLCJpc3MiOiJodHRwczovL3dlYi56b29tLnVzIiwiZXhwIjoxNTkzNTY1NDI5LCJ0eXBlIjoxLCJpYXQiOjE1OTM1NTgyMjksImp0aSI6ImRjZWJjNTM1LWE2ZjQtNGVhMi1iZDcyLWE1MzY4OGVmNzY1MSJ9.fvEkZAGdNOlShXD621MFO1p4Q67Xl6iiuRB3QpQasjFUC5ZWUWdgyRuOaZjQDiUBddMkci5TvXsbl7Rn8Q3FcQ&scopes=meeting:write,recording:write,user:read&state={%22userId%22:%22l2hWkuaSo4csUnVffJjO%22,%22clientRedirect%22:%22https://pro.sutra.fit/dashboard/business-settings%22}' from origin 'https://zoom.us' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Second error

csrf_js:96 GET https://marketplace.zoom.us/api/v1/apps/Scjgw1tqQ0STWg5L2Pv6Rw/@grant?zpk=eyJhbGciOiJIUzUxMiIsInYiOiIyLjAiLCJraWQiOiIxMGY3YzgyYy04NjU2LTQ5MDAtYWJlZC0yOTE1YWRlNjVkMjYifQ.eyJhdWQiOiJodHRwczovL2FwcC56b29tLnVzIiwibmJmIjoxNTkzNTU4MjI5LCJhY2NvdW50X2lkIjoiaTRTcXRWVFBUMVd6ZFduV2dvV1BsZyIsImF1dGhfaWQiOiJNS2d6NGZBR2hBR1V0L05UL05HdXY1ay9vMjE4QzU5eks0SEhBU3RrVzRvPSIsInVzZXJfaWQiOiJDdXZpekQ3WFI4NjlLWkFobnRqbHJRIiwidXNlcl9uYW1lIjoiSm9zaCBBcmNoZXIiLCJpc3MiOiJodHRwczovL3dlYi56b29tLnVzIiwiZXhwIjoxNTkzNTY1NDI5LCJ0eXBlIjoxLCJpYXQiOjE1OTM1NTgyMjksImp0aSI6ImRjZWJjNTM1LWE2ZjQtNGVhMi1iZDcyLWE1MzY4OGVmNzY1MSJ9.fvEkZAGdNOlShXD621MFO1p4Q67Xl6iiuRB3QpQasjFUC5ZWUWdgyRuOaZjQDiUBddMkci5TvXsbl7Rn8Q3FcQ&scopes=meeting:write,recording:write,user:read&state={%22userId%22:%22l2hWkuaSo4csUnVffJjO%22,%22clientRedirect%22:%22https://pro.sutra.fit/dashboard/business-settings%22} net::ERR_FAILED

Couple questions:

  1. Is this a CORS issue on Zoom’s end or my end?
  2. Does this have something to do with passing state in the Zoom OAuth request? I’m trying to pass a URI-encoded JSON object with some user state.

Josh

@josharcher I had a similar issue, although I was including the “|” character in my state parameter.

Encoding fixed the issue for the most part, but even encoding the | didn’t take, so I switched to an underscore.

Seems to be a recent change b/c I had no issues using the | before, nor the need to use the encodeURIComponent function.

I suggest keeping your state as simple as possible. Perhaps base64 encode it if it can fit within the url limit.

Hey @pb_zoom, @josharcher,

Our engineering team is aware of the issue and investigating this. While the team is yet to confirm the exact cause of error, upon initial review, they suspect the issue lies with this specific use of the state parameter. In the meantime they have advised that you revise the OAuth URL to not use a state parameter and it should resolve the authorization error.

For a quick resolution, if you still plan to use the state parameter you can try either of these options.

Option 1:
If possible please limit to using a single value in the state parameter.
https://zoom.us/oauth/authorize?response_type=code&client_id=CLIENT_ID&redirect_uri=REDIRECT_URL&state=STATE_STRING

Option 2:
Make use of the base64UrlEncode or base64Encode function to encode the state parameter
https://zoom.us/oauth/authorize?response_type=code&client_id=CLIENT_ID&redirect_uri=REDIRECT_URL&state=BASE64_ENCODED_STRING

The engineering team is investigating this at priority and we will keep you updated on the status. Let me know if neither of these help resolve the error you are encountering.

Thanks,
Tommy
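
Option 2 from the reply above, written out as an added example that is not part of the original thread and is not Zoom's code: the JSON state is base64url-encoded so the `state` value contains no braces, quotes or `|`, and the callback side decodes it again. The function names, the nonce check against the session and the redirect-host allowlist are assumptions added here; the thread itself only suggests the encoding.

```javascript
const crypto = require('crypto');

// base64url (RFC 4648, section 5) uses only A-Z a-z 0-9 - _, so the state
// value needs no percent-encoding and carries no braces, quotes or "|".
const toB64Url = (buf) =>
  buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const fromB64Url = (s) =>
  Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64');

// Pack the app's state plus a random nonce into one opaque string.
// The caller stores `nonce` in the user's server-side session (assumption).
function encodeState(appState, nonce = toB64Url(crypto.randomBytes(16))) {
  const json = JSON.stringify({ ...appState, nonce });
  return { state: toB64Url(Buffer.from(json, 'utf8')), nonce };
}

function buildAuthorizeUrl(clientId, redirectUri, state) {
  const qs = new URLSearchParams({
    response_type: 'code', client_id: clientId, redirect_uri: redirectUri, state,
  });
  return `https://zoom.us/oauth/authorize?${qs}`;
}

// On the redirect back: decode, then reject anything that does not match
// the nonce saved for this session or points at an unexpected host.
function decodeState(state, expectedNonce, allowedRedirectHosts) {
  if (!/^[A-Za-z0-9_-]+$/.test(state)) throw new Error('state is not base64url');
  let parsed;
  try {
    parsed = JSON.parse(fromB64Url(state).toString('utf8'));
  } catch {
    throw new Error('state is not valid JSON');
  }
  if (parsed === null || typeof parsed !== 'object') throw new Error('state is not an object');
  const got = Buffer.from(String(parsed.nonce));
  const want = Buffer.from(String(expectedNonce));
  if (!expectedNonce || got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    throw new Error('state nonce mismatch');
  }
  if (parsed.clientRedirect !== undefined) {
    const target = new URL(parsed.clientRedirect);
    if (target.protocol !== 'https:' || !allowedRedirectHosts.includes(target.host)) {
      throw new Error('clientRedirect not allowed');
    }
  }
  return parsed;
}
```

Because the decoded `clientRedirect` comes back through the user's browser, it is treated as untrusted input and only followed when its host is on the allowlist.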