I have created an OAuth App using a free account, I am able to generate Meeting ID using Access Token, but my Refresh Token gets expired after a few hours.
Error
Refresh Token becomes invalid.
Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth Issues
Steps to reproduce the behavior:
Request URL / Headers (without credentials) / Body
So you mean I have to keep one service running for life long to refresh my “Access Token” using “Refresh Token” but practically I don’t think it is the case. I could use my “Refresh Token” to generate an “Access Token” even after 24 hours.
My actual problem is if I provide the wrong “Refresh Token” to get “Access Token” using the following link https://zoom.us/oauth/token?grant_type=refresh_token&refresh_token=…
I am getting an error, but after that, if I use the correct “Refresh Token” that even does not return “Access Token”, it is like i lost my single chance, there should be some kind of limit how many times i can provide wrong “Refresh Token”.
It sounds like you may be using an outdated refresh token each time. Note that each time you request an access token, both a new token and refresh token are provided, and you’ll need to store these latest values each time.
Please try generating a new access_token and refresh_token, and then try the new refresh_token value. Make sure to use the new access and refresh tokens each refresh.
Yes, whenever I get a new Access Token, the same time I am getting a new Refresh Token also, I save that Refresh Token in a Database, next time when I fetch a new Access Token, I use that stored Refresh Token. Problem is when i hit Zoom API to get new Access Token, if by mistake i sent wrong Refresh Token inside the request, i will get error message as “Access Denide”. i should have atleast 3 chances to send wrong Refresh Token to get new Access Token. If i send Wrong Refresh Token, actual Refresh Token from zoom side should not get invalid unless my 3 chances are over.
Thanks for your feedback. We are aware of this limitation of our OAuth flow where latest refresh token must always be used for the next refresh request. In some cases we provide a higher refresh tolerance for apps that have trouble keeping the most recent refresh token up to date. Please let us know why your system fails to update the refresh token each time and we will consider increasing your tolerance to 2 or 3.
Concurrency issue, My API which gets “Access Token” then uses that “Access Token” to get new “Meeting ID” is being used by many users. Flow is
Get Stored “Refresh Token” from Database.
Use that “Refresh Token” to fetch the latest “Access Token” from Zoom Portal/ Zoom Hosted App.
Store this new “Refresh Token” into the Database.
Any of these Processes can take time depends on internet speed. During the same time if another user starts the above process, So he is providing the wrong “Refesh Token” to the Zoom API. This creates a huge issue, because in real sense we don’t have now “Refresh Token”, so we can never get “Access Token”. We need to authorize the Zoom hosted App again, it becomes a manual process then.
Because both will use our same Angular Web App. So we will have a single Account for our Angular Web App. In fact, one department will use one Zoom Account. All of them can use it together. BTW none of the users is directly a zoom user, Only our Angular Web App is a zoom user.