Hey @randers,
All these issues are currently issues with how developers are implementing the OAuth flow. There are no confirmed issues on Zoom’s side.
Please share more details about your issue and steps to reproduce so we can help. 
Thanks,
Tommy
I have an app, that stores refreshToken and accessToken and I only refresh when a token is expired while user is performing an action and then i store new token back.
In the recent test, I authorized my app 2 days ago, used it once and then didn’t touch it again. (means no activity in zoom)
Then after 2-3 days when I tried to use my app and create a request to refresh token I received error that my token is expired. Which is beyond me. Because Its not the case where a new token is generated. Only I authorize my app and I haven’t touched it. as you stated that refreshToken have 15 years of expiry I highly doubt that. In case you want to investigate further, I can provide my zoom account that was authorized for the app I developed. And check the logs against it that either the request to refresh token was generated or the refreshToken was invalid itself.
Here is my code in Javascript that refreshes the token. I am using “axios” so auth object creates Basic Auth token.
return request.post(`/oauth/token?grant_type=refresh_token&refresh_token=${refreshToken}`, {}, {
auth: {
username: process.env.ZOOM_CLIENT_ID,
password: process.env.ZOOM_SECRET
}
})Thanks for providing these details—and happy to look into this for you. In order to check on this, can you email us the following details to developersupport@zoom.us:
- Refresh Token in question
- Account ID
Thanks!
Will
I am getting 404 bad request error or 401 unauthorized error while refreshing token
Following is the url used.
https://zoom.us/oauth/token?grant_type=refresh_token&refresh_token=
Headers:
Authorization:Basic base64(clientid:clientsecret)
Content-Type:application/x-www-form-urlencoded
Hi @surya,
Can you confirm that you’re using the latest access_token and refresh_token? Please note that when you retrieve an access_token, a new refresh token is provided as well. Similarly, if you use a refresh token once, you will need to request a fresh one from your most recent request.
In other words, both the access token and refresh tokens are updated each time you retrieve them, so you need to make sure you’re using the latest.
Can you double check this and let me know?
Thanks!
Will
Hi Will,
I am using the most recent refresh token generated jst now.
And following is the header I am using
**Authorization:Basic **
This is giving me a bad request.
And even when I am creating a meet request ,it is giving me unauthorized error.
Please help me.
Hey @surya,
Thank you for providing additional information. First, I would try using a Content-Type of application/json. I also decoded the refresh_token that you used and it didn’t seem to be valid. Where are you getting that refresh_token from and can you confirm that there are no issues introduced when copying and pasting the token?
Thanks,
Max
But this is nonsense! The refresh tokens by definition should be long-lived so what’s the point in making them available for usage only once? The refresh token is valid for 15 years but it can be used only once in this period and then must be replaced by a new one. What’s the point of the refresh token then? To use it once in 15 years? Can anybody explain to me this nonsense design?
Thanks for the feedback @brajanek.
To clarify, the purpose of the refresh token is to request a new access token. Although the refresh token expires after 15 years, it becomes invalid after it is used to request a new access token. You will receive a new refresh token pair and an access token once you use the old refresh token. You will have to update these old values with new ones. These details are covered here as well.
Thanks,
Will
Hi, we have got the same issue.
Fatal error: Uncaught GuzzleHttp\Exception\ClientException: Client error: POST https://zoom.us/oauth/token resulted in a 401 Unauthorized response: {“reason”:“Invalid Token!”,“error”:“invalid_request”}
we have checked the scope, credentials, secret key, using the latest token but still no luck.
can we pm you the detail ?
Thanks in advance!
Have you checked that the value you’re passing in your authorization header matches the credentials for your oauth app?
Thanks,
Will