Refresh Token expires after a few hours whenever we need to get an Access Token

I have created an OAuth App using a free account. I am able to generate a Meeting ID using the Access Token, but my Refresh Token expires after a few hours.

Error
Refresh Token becomes invalid.

Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth Issues

Steps to reproduce the behavior:

  1. Request URL / Headers (without credentials) / Body
  2. See error

Thanks
Fayaz

Hey @fayazvar.mobile,

To clarify, refresh tokens expire after 1 hour:

You will need to follow the guide linked above to refresh your token periodically.

Thanks,
Will

Hey @will.zoom

So you mean I have to keep one service running lifelong to refresh my “Access Token” using the “Refresh Token”, but practically I don’t think that is the case. I could use my “Refresh Token” to generate an “Access Token” even after 24 hours.

My actual problem is if I provide the wrong “Refresh Token” to get “Access Token” using the following link https://zoom.us/oauth/token?grant_type=refresh_token&refresh_token=…
I am getting an error, but after that, if I use the correct “Refresh Token”, even that does not return an “Access Token”. It is like I lost my single chance; there should be some kind of limit on how many times I can provide a wrong “Refresh Token”.

Regards,
Fayaz

Hey @fayazvar.mobile,

It sounds like you may be using an outdated refresh token each time. Note that each time you request an access token, both a new token and refresh token are provided, and you’ll need to store these latest values each time.

Please try generating a new access_token and refresh_token, and then try the new refresh_token value. Make sure to use the new access and refresh tokens each refresh.

Let me know if this helps to clarify,
Will

Hey @will.zoom,

Yes, whenever I get a new Access Token, I get a new Refresh Token at the same time. I save that Refresh Token in a database, and the next time I fetch a new Access Token, I use that stored Refresh Token. The problem is that when I hit the Zoom API to get a new Access Token, if by mistake I send the wrong Refresh Token inside the request, I get the error message “Access Denied”. I should have at least 3 chances to send a wrong Refresh Token when getting a new Access Token. If I send a wrong Refresh Token, the actual Refresh Token on the Zoom side should not become invalid unless my 3 chances are over.

Thanks
Fayaz

Hey @fayazvar.mobile,

Thanks for your feedback. We are aware of this limitation of our OAuth flow where the latest refresh token must always be used for the next refresh request. In some cases we provide a higher refresh tolerance for apps that have trouble keeping the most recent refresh token up to date. Please let us know why your system fails to update the refresh token each time and we will consider increasing your tolerance to 2 or 3.

Thanks,
Tommy

Hey @tommy,

Concurrency issue. My API, which gets an “Access Token” and then uses that “Access Token” to get a new “Meeting ID”, is being used by many users. The flow is:

  1. Get Stored “Refresh Token” from Database.
  2. Use that “Refresh Token” to fetch the latest “Access Token” from Zoom Portal / Zoom Hosted App.
  3. Store this new “Refresh Token” into the Database.

Any of these processes can take time, depending on internet speed. If another user starts the above process during the same time, he is providing the wrong “Refresh Token” to the Zoom API. This creates a huge issue, because in a real sense we now don’t have a “Refresh Token”, so we can never get an “Access Token”. We need to authorize the Zoom hosted App again; it becomes a manual process then.

Best Regards,
Fayaz

Hey @fayazvar.mobile,

Thanks for sharing this. Can I ask why two different Zoom users would be using the same access / refresh tokens though?

-Tommy

Hey @tommy,

Because both will use our same Angular Web App. So we will have a single Account for our Angular Web App. In fact, one department will use one Zoom Account. All of them can use it together. BTW, none of the users is directly a Zoom user; only our Angular Web App is a Zoom user.

Thanks
Fayaz

Hey @fayazvar.mobile,

I see, so it is basically a service account. 🙂

You have 2 options then:

  1. Refresh the Access Token when someone needs to use the app, and the token is expired.

  2. Always direct users to the authorize URL, so you can just get a new access token every time.

In the future, we will support multiple active OAuth tokens per user to enhance the flow where the user needs to OAuth on multiple devices.

Thanks,
Tommy

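The concurrency problem discussed in this thread, with a fix along the lines of option 1 (refresh only when the access token has expired), as an added example that is not part of the original posts and is not Zoom's code. `FakeTokenEndpoint` is a constructed stand-in for a token endpoint that rotates refresh tokens on every use; `TokenManager` and `run_concurrent` are hypothetical names.

```python
import secrets
import threading
import time

class FakeTokenEndpoint:
    """Constructed stand-in for a rotating-refresh-token endpoint (not Zoom's API)."""
    def __init__(self):
        self.current = secrets.token_hex(8)   # the only refresh token accepted
        self.refreshes = 0

    def refresh(self, refresh_token):
        if refresh_token != self.current:
            raise PermissionError("invalid refresh token")
        time.sleep(0.01)                      # simulated network latency
        self.refreshes += 1
        self.current = secrets.token_hex(8)   # rotation: the old token is now dead
        return {"access_token": secrets.token_hex(8),
                "refresh_token": self.current, "expires_in": 3600}

class TokenManager:
    """Serialises read -> refresh -> store so callers never race on one token."""
    def __init__(self, endpoint, refresh_token):
        self._endpoint, self._refresh_token = endpoint, refresh_token
        self._access_token, self._expires_at = None, 0.0
        self._lock = threading.Lock()

    def get_access_token(self):
        with self._lock:                      # one refresher at a time
            # Reuse the cached token until 60 s before expiry (assumed margin).
            if self._access_token and time.time() < self._expires_at - 60:
                return self._access_token
            tokens = self._endpoint.refresh(self._refresh_token)
            # Store the rotated refresh token before releasing the lock.
            self._refresh_token = tokens["refresh_token"]
            self._access_token = tokens["access_token"]
            self._expires_at = time.time() + tokens["expires_in"]
            return self._access_token

def run_concurrent(manager, workers=8):
    """Call get_access_token() from several threads; return (tokens, errors)."""
    tokens, errors = [], []
    def worker():
        try:
            tokens.append(manager.get_access_token())
        except PermissionError as exc:
            errors.append(exc)
    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return tokens, errors
```

The in-process lock only covers a single server process. When several processes or hosts share the stored refresh token, the same read, refresh and store sequence has to run under a shared lock, such as a row lock on the database record that holds the token.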