Refresh token request failing with 401

Description/Error
POST to https://zoom.us/oauth/token?grant_type=refresh_token&refresh_token={refresh_token}&redirect_uri={redirect_uri}

header: Authorization : Basic base64{clientid:clientsecret}

failing with
(401) {“reason”:“Invalid Token!”,“error”:“invalid_request”}

Additional context
We are always storing and reusing the refresh token

also tried curl request with same results:
curl -X POST -H “Content-Type:application/x-www-form-urlencoded” --user {client_id}:{client_secret} --data ‘grant_type=refresh_token&refresh_token={refresh_token}’ https://zoom.us/oauth/token

Finally I also tried uninstalling and reinstalling the app which gave a new access token but the same refresh token. Refresh requests are still failing.

Hey @ps40,

Are you storing and using the new refresh token every time?

Each time you refresh, a new refresh token is returned which must be used for the next refresh.

“Refresh Tokens have a lifespan of 15 years. When you refresh an access token, you will also get a new refresh token that you need to use in your next refresh. Store the new refresh token safely for the next time when you try to refresh the tokens.”

Let me know.

Thanks,
Tommy

Yes, I read all posts related to this issue. Yes, we are storing and reusing the refresh token everytime.

Also, all of this was verified and working until recently.

Hey @ps40,

Can you try using the one of your previous refresh tokens to see if that fixes the issue?

Also if you could share the log of when it failed found here that would be great.

Thanks,
Tommy

I am also getting this error and I am also doing everything as documented. Not only that but the logs as linked above do not show the errors. It seems like its failing at the auth stage on zoom.us side.

Hello,

We only store the most recent refresh token. Also, as far as I can tell, the refresh token is not changing, even if we re-authorize the app.

In the log you mentioned, I found only this and I am not sure if it is related:

{

“endpoint”: “https://api.zoom.us/v2/users/kNCkx7C_QF61MAl8NIBc7Q”,

“response_headers”: [

“Set-Cookie: cred=B2891FE44C3B323D0C8347E76754CF5F; Path=/; Secure; HttpOnly”

],

“date_time”: “2019-10-29 15:15:26”,

“method”: “GET”,

“request_body”: “N/A”,

“response”: {

“code”: 1001,

“message”: “User not exist: kNCkx7C_QF61MAl8NIBc7Q”

},

“request_headers”: [

“accept-encoding: gzip”,

“authorization: ******”,

“connection: close”,

“user-agent: Go-http-client/1.1”

],

“request_params”: [

],

“http_status”: “404”

}

Hey @ps40 and @shane.zoom, are you able to reproduce the issue?

Or does it only happen sometimes at random?

Thanks,
Tommy

Yes, it is reproducible 100% of the time. I am simply unable to refresh the token anymore.

Can you hop on a Zoom meeting with me so I can see what’s happening?

Thanks,
Tommy

Our users have reported it to be random.

Yes, sure. I created a meeting using the link you provided.

Thanks, I updated the calendly settings to allow same day bookings if you want to meet today @ps40.

@shane.zoom, can you share more details? What percent of the time is it failing, and do you see any error logs here: https://marketplace.zoom.us/user/logs?

Thanks,
Tommy

I don’t see any failed logs in that link you gave me. But we do log errors to zoomus failing on our own end. Here is from oct 23 to oct 26 with timestamp:

Oct 23 17:33:02 - unable to refresh token
Oct 24 10:46:35 - unable to refresh token
Oct 24 12:26:30 - unable to refresh token
Oct 24 13:06:15 - unable to refresh token
Oct 25 11:37:36 - unable to refresh token
Oct 25 12:32:42 - unable to refresh token
Oct 26 10:36:00 - unable to refresh token

Message logged when refresh token api call to zoomus fails. And the error from zoom.us is

reason
Invalid Token!
error
invalid_request

I created a meeting for today. Please cancel the one for tomorrow.

I should note that, to get around the issue temporarily, we ask the user to re do the authorization process by forwarding them to the authorization url. Which is definitely not ideal for us.

Hey @shane.zoom,

That is what @ps40 did and it fixed the issue.

2 Reasons this could happen:

1. The app scopes were changed so the user needed to update or re install the app.
   Or.
2. The refresh_token was not saved properly on your end so the next time you went to refresh the access_token it used an old refresh_token, hence the error.

Let me know if any of the two could have happened on your end. If not I will check the Zoom logs to see why the refresh failed.

Thanks,
Tommy

Hey I’m investigating further on if we are not saving the refresh token properly. But could you explain step 1. I am not too sure what that involves. It’s a time sensitive issue at the moment due to not being able to create zoom.us meeting. So if there are any logs that you may find as well it would be helpful as well. Thanks.

Hey @shane.zoom,

When you change the Scopes of your app, or Event Subscriptions, this will require users to update your app to approve the additional scope change because you are accessing additional data. Once they approve, it restarts the authorization flow in which you need to get a new access and refresh token and update your database.

If users choose not to update, the application, access, and refresh token will still work as expected, but your app won’t be able to access the newly request data in the scope change.

Thanks,
Tommy

Hey @tommy. Thanks for the explanation. I just looked into the code and tested it more. We are saving the new refresh token. I talked to someone internally who has told me that he hasn’t ran into this issue last few weeks which perhaps rule out the app scope issue. And I don’t believe the scope was being changed every day. Is it entirely possible that it could be user account related?