Refresh token request failing with 401

Hey @nathan.arora,

Can you please Private Message me your access_token and refresh_token.

We believe this is an issue on our end and are working to fix it.

Thanks for your patience,
Tommy

Hi @tommy

I am getting an error when I try to PM you. It says “Sorry, you cannot send a personal message to that user.” Please advise.

Hey @nathan.arora,

I just PM’d you.

Thanks,
Tommy

Hi @tommy!

We’re experiencing a similar issue with our app. Can you please help to figure out what’s going on?

Our app id is U_IYrxQpTFydKKQuO9tCQw

Hey @tsykul,

Can you please provide the App Name?

Also are you using the most recent refresh token each time? Please also share the exact error message you get.

Thanks,
Tommy

@tommy App name is People.ai (we’ve experienced the issue with the private app with the id above, although we have an approved app now too).

Error message is as above {"reason":"Invalid Token!","error":"invalid_request"}.

We are using the latest refresh token, although it’s possible there’s a race condition somewhere. Is the auth API idempotent?

Hey @tsykul,

Try reinstalling the app which will reset the tokens. If the issue is not a race condition on your end with the refresh token, then it is possible it is related to an issue on our end that we are releasing a fix for at the end of this month.

Thanks,
Tommy

Hey @tsykul, @nathan.arora, @alon, @roy, @shane.zoom, @ps40,

Here are updates on the Invalid Token bug:

Conditions: This problem can arise when a token is granted and then
immediately used to call a Zoom API endpoint. The server that issues
the new token sets the nbf (not valid before) time to be the time
“exactly now.” But not all servers at Zoom have synchronized
clocks. If the token is immediately used for an API endpoint that is
on a different server, that server’s local clock may be up to a second
too slow, with a time before the token’s nbf time, causing the server
to reject the token.

This bug applies to:

  • All token requests: Both original token grants, and refresh grants.
  • All tokens: that includes JWT tokens, as well as OAuth tokens of
    both grant types: authorization_code and client_credentials.

Reproducibility: This problem is either 0% or 90% reproducible: it
depends how the Zoom load balancer forwards API requests to Zoom
servers. It can happen either all the time, or not at all, depending
on your source IP address.

Fix time: We will have a fix that will roll out in an upcoming release.

Work-around: After acquiring a token, wait 1 second before using it.

Thanks,
Tommy

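Added example, not part of any post in this thread and not Zoom's code: a Node.js token holder that applies the work-around above (wait 1 second after a token is issued) and collapses concurrent refreshes into one request, which is the race condition raised earlier in the thread. It assumes each refresh returns a new refresh token that replaces the old one; `createTokenManager`, `makeFakeAuthServer` and `demo` are hypothetical names, and the fake server is constructed so the code runs offline.

```javascript
// Added example; all names are hypothetical and none of this is Zoom's API.
const NBF_GRACE_MS = 1000; // the thread's work-around: wait 1 second after issue
const realSleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
function createTokenManager({ refreshFn, initial, now = Date.now, sleep = realSleep }) {
  let tokens = { ...initial }; // replaced as a pair on every refresh
  let usableAt = 0;            // earliest local time to send the access token
  let inFlight = null;         // shared promise while a refresh is running
  async function doRefresh() {
    const next = await refreshFn(tokens.refresh_token);
    tokens = { access_token: next.access_token, refresh_token: next.refresh_token };
    usableAt = now() + NBF_GRACE_MS;
    return tokens.access_token;
  }
  return {
    // Single-flight: concurrent callers join the refresh that is already running.
    refresh() {
      if (!inFlight) inFlight = doRefresh().finally(() => { inFlight = null; });
      return inFlight;
    },
    // Hand the token out only after the grace period since issue has passed.
    async accessToken() {
      if (inFlight) await inFlight;
      const wait = usableAt - now();
      if (wait > 0) await sleep(wait);
      return tokens.access_token;
    },
  };
}

// Constructed stand-in for the token endpoint; rejects a stale refresh token.
function makeFakeAuthServer(firstRefreshToken) {
  let valid = firstRefreshToken, issued = 0, calls = 0;
  const refresh = async (rt) => {
    calls += 1;
    if (rt !== valid) throw new Error('{"reason":"Invalid Token!","error":"invalid_request"}');
    valid = `rt-${++issued}`;
    return { access_token: `at-${issued}`, refresh_token: valid };
  };
  return { refresh, calls: () => calls };
}

async function demo() { // two concurrent refreshes against the fake server
  const server = makeFakeAuthServer('rt-0'); const sleeps = []; let clock = 0;
  const mgr = createTokenManager({ refreshFn: server.refresh,
    initial: { access_token: 'at-0', refresh_token: 'rt-0' },
    now: () => clock, sleep: async (ms) => { sleeps.push(ms); clock += ms; } });
  const [a, b] = await Promise.all([mgr.refresh(), mgr.refresh()]);
  return { calls: server.calls(), a, b, token: await mgr.accessToken(), sleeps };
}
```

Calling `demo()` resolves to the number of requests the fake server saw, the token each caller received, and the waits that were applied. Without the shared promise, the second caller would present `rt-0` after it had already been rotated and receive the error body above.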

Hey @tsykul, @nathan.arora, @alon, @roy, @shane.zoom, @ps40,

UPDATE: Fixed on Sunday Jan 5th.

Thanks,
Tommy

I’m actually also experiencing this issue on an app that I just started developing. Same issue. When trying to refresh tokens I’m getting a 401 with

{"reason":"Invalid Token!","error":"invalid_request"}.

We are persisting the access_token and refresh_token to Firebase after initial validation, but can’t ever seem to get a successful refresh.

Hey @reggieofarrell, thanks for posting and using Zoom!

Can you please share how you are making the refresh request? Feel free to private message me your request url and headers.

Thanks,
Tommy

If the access_token is expired we are making a request to refresh like…

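// Token endpoint URL carrying the refresh_token grant and the stored refresh token
const url = `https://zoom.us/oauth/token?grant_type=refresh_token&refresh_token=${zoom_refresh_token}`;

// POST with HTTP Basic auth using the app's client ID and secret
return requestPromise.post(url).auth(process.env.ZOOM_CLIENT_ID, process.env.ZOOM_CLIENT_SECRET);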

I’m using a similar requestPromise (different url of course) call to get the first auth_token so that setup seems to pass the headers correctly. I’ll PM you what the error shows the request headers to be.

Same issue here. I DM'ed you @tommy

Thanks @rafal, and @reggieofarrell,

I will answer you in the DM.

-Tommy