Request From Website Instead Of Postman Returns "invalid authorization code" response

Hi,

I’m trying to move an API request that I have working on Postman to a PHP/WordPress website. To help with this I referred to this previous discussion regarding how to get an oAuth access token through CURL Need help on how to programatically get Access Token [PHP]

From this, I then made the following (with tokens changed)

 $curl = curl_init();
  curl_setopt_array($curl, array(
  CURLOPT_URL => "https://zoom.us/oauth/token?grant_type=authorization_code&code=[REDACTED]&redirect_uri=https://oauth.pstmn.io/v1/callback&client_id=[REDACTED]",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 0,
  CURLOPT_FOLLOWLOCATION => true,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_HTTPHEADER => array(
    "Authorization: Basic [REDACTED]",
   "Content-Type: application/x-www-form-urlencoded"
  ),
));

 $response = curl_exec($curl);
 //echo $response;
 //$access_token = $response['access_token'];
 error_log($response);
 curl_close($curl);

However, whereas on Postman, I was getting a successful response with an access token, when making the request using this code above, I now get:

{"reason":"Invalid authorization code","error":"invalid_grant"}

I have checked the console on Postman and it appears that the Base64 Encoded string for the authorization is the same so is there any other reason why my request to get the access token would fail?

@digital-medium,

Thank you for posting in the Zoom Developer Forum. Have you verified that you are sending all the appropriate headers for the curl request?

Hi @donte.zoom

Thanks for getting back to me.

I had a look at this example from the Zoom documentation

# Header
Host: zoom.us
Authorization: Basic Q2xpZW50X0lEOkNsaWVudF9TZWNyZXQ=
Content-Type: application/x-www-form-urlencoded

# Request body
code: [CODE]
grant_type: authorization_code
redirect_uri: [REDIRECT URI]
code_verifier: [CODE VERIFIER]

The only header I seemed to be missing was the Host header so I updated my code above to now say

  CURLOPT_HTTPHEADER => array(
    "Authorization: Basic [REDACTED]",
   "Content-Type: application/x-www-form-urlencoded",
   "Host: zoom.us"
  ),

However, this still didn’t work.

These were then the headers that Postman was sending across

Content-Type: application/x-www-form-urlencoded
Authorization: Basic [Redacted]
User-Agent: PostmanRuntime/7.29.2
Accept: */*
Cache-Control: no-cache
Postman-Token: e6d6841d-5e8d-4bf0-8031-805ec9f3a10a
Host: zoom.us
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 159
Cookie: _zm_mtk_guid=b2b61d9a73cd46e4be55f0594cb373b6; _zm_visitor_guid=b2b61d9a73cd46e4be55f0594cb373b6

Would any of these other headers make a difference?

@digital-medium ,

The request looks good – although it looks like the value for the Authorization header seems off. To troubleshoot the Invalid authorization code error, can you try to make a request to the auth endpoint :

Then use the code value returned in your PHP request to the token endpoint?

Also, can you confirm what app type are you using and how are you configuring your Marketplace app credentials in Postman as well?

Hi Dante,

Thanks I have now solved this. I thought the authorization code you got from step 1 could be reused to get multiple access tokens but I understand that’s not the case.

I have sorted this now. Thanks for your assistance