Our platform enables our customers to link multiple Zoom accounts to their ClearBookings account, using OAuth. Last week, we had an incident where the token information for multiple Zoom accounts linked to one of our customers was corrupted (the cause of this is still under investigation) and so we had to request the customer re-authorise us for their Zoom accounts using the OAuth workflow again.
However, on at least some of these accounts, attempts to re-authorise us failed with error 4700: “Invalid access token, does not contain scopes: […]”. We have made no change to our Zoom app listing since its publication and would have no means to affect the scopes granted on an individual user account, so this was very puzzling to us.
The only solution we could find at the time was to have the customer log into the Zoom marketplace for each of their impacted accounts, locate the ClearBookings app in their authorised app list and remove it before then attempting to re-authorise us again. This was a significant inconvenience for us and our customer, so I would like to understand what went wrong and how we can avoid the same outcome in future.
If it helps investigations, I can provide the email address and/or user id of one specific account that was impacted, if you can let me know where to direct/private message this to.
Invalid access token, does not contain scopes: [user:write:admin, user:read:admin, user:read, user:write, user_profile].
Nothing else of note