Description
Our platform enables our customers to link multiple Zoom accounts to their ClearBookings account, using OAuth. Last week, we had an incident where the token information for multiple Zoom accounts linked to one of our customers was corrupted (the cause of this is still under investigation) and so we had to request the customer re-authorise us for their Zoom accounts using the OAuth workflow again.
However, on at least some of these accounts, attempts to re-authorise us failed with error 4700: “Invalid access token, does not contain scopes: […]”. We have made no change to our Zoom app listing since its publication and would have no means to affect the scopes granted on an individual user account, so this was very puzzling to us.
The only solution we could find at the time was to have the customer log into the Zoom marketplace for each of their impacted accounts, locate the ClearBookings app in their authorised app list and remove it before then attempting to re-authorise us again. This was a significant inconvenience for us and our customer, so I would like to understand what went wrong and how we can avoid the same outcome in future.
If it helps investigations, I can provide the email address and/or user id of one specific account that was impacted, if you can let me know where to direct/private message this to.
Error
Invalid access token, does not contain scopes: [user:write:admin, user:read:admin, user:read, user:write, user_profile].
Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth
Which Endpoint/s?
OAuth endpoint
How To Reproduce (If applicable)
Unknown
Screenshots (If applicable)
Not applicable
Additional context
Nothing else of note
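As an added example (not part of the original post, and not Zoom's or ClearBookings' code): a small Python helper that audits stored OAuth token records for linked accounts and classifies the 4700 scope error quoted above, so an integration can tell a plain token refresh apart from a case that needs the user to re-consent. The required scope set is taken from the error message on this page; the `TokenRecord` shape, the action names and the policy of asking for re-consent whenever a stored record is incomplete or under-scoped are assumptions for illustration.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable

# Scopes the integration needs. Assumed here; the list is the one that appears
# in the error message quoted in the post above.
REQUIRED_SCOPES: frozenset[str] = frozenset({
    "user:write:admin", "user:read:admin", "user:read", "user:write", "user_profile",
})

# Matches the bracketed scope list in the 4700 message:
#   "Invalid access token, does not contain scopes: [a, b, c]."
_SCOPE_ERROR_RE = re.compile(r"does not contain scopes:\s*\[(?P<scopes>[^\]]*)\]")


def parse_missing_scopes(message: str) -> frozenset[str]:
    """Extract the scope names listed in a scope error message (empty set if none)."""
    match = _SCOPE_ERROR_RE.search(message)
    if match is None:
        return frozenset()
    return frozenset(s.strip() for s in match.group("scopes").split(",") if s.strip())


@dataclass(frozen=True)
class TokenRecord:
    """Hypothetical persisted token state for one linked account (constructed shape)."""
    account_id: str
    access_token: str | None
    refresh_token: str | None
    granted_scopes: frozenset[str]


def classify_record(record: TokenRecord) -> str:
    """Decide what to do with a stored record before using it.

    Returns one of:
      "ok"        - tokens present and every required scope was granted
      "refresh"   - access token missing but a refresh token is still usable
      "reconsent" - record unusable: no refresh token or missing scopes
    """
    if not REQUIRED_SCOPES <= record.granted_scopes:
        return "reconsent"
    if not record.access_token:
        return "refresh" if record.refresh_token else "reconsent"
    return "ok"


def classify_api_error(code: int, message: str) -> str:
    """Map an API error to an action. Only the scope error (code 4700 on this page)
    is handled specifically; everything else is left for ordinary retry/alert logic."""
    if code == 4700:
        missing = parse_missing_scopes(message)
        if missing & REQUIRED_SCOPES:
            # Required scopes are missing from the token: a refresh cannot add them,
            # so the account owner has to go through the consent flow again.
            return "reconsent"
    return "other"


def accounts_needing_reconsent(records: Iterable[TokenRecord]) -> list[str]:
    """List the account ids an operator must ask the customer to re-authorise."""
    return [r.account_id for r in records if classify_record(r) == "reconsent"]


if __name__ == "__main__":
    # Constructed sample data: one healthy record, one whose stored scopes are
    # incomplete, and one with no refresh token at all.
    sample = [
        TokenRecord("acct-1", "tok-a", "ref-a", REQUIRED_SCOPES),
        TokenRecord("acct-2", "tok-b", "ref-b", frozenset({"user:read"})),
        TokenRecord("acct-3", None, None, REQUIRED_SCOPES),
    ]
    print(accounts_needing_reconsent(sample))
    print(classify_api_error(4700, "Invalid access token, does not contain scopes: "
                                   "[user:write:admin, user:read:admin, user:read, "
                                   "user:write, user_profile]."))
```

The point of running `classify_record` before every API call is that a record whose scope list no longer covers what the integration needs cannot be repaired by a token refresh; flagging those accounts up front lets an operator ask the customer for re-authorisation in one batch instead of discovering each failure as a 4700 in production.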