Server-to-Server OAuth App Token Missing Configured Scopes (Error 4711)

Dear Zoom Support Team,

I am experiencing an issue with a Server-to-Server OAuth application (Client ID: 2kMjkysNTyG2Em9bfuPA0w) where the access tokens being generated do not include the scopes I have configured in the Zoom App Marketplace.

My goal is to use the API endpoint to download meeting transcripts on Gdrive for the mentioned date range. To achieve this, I have enabled the Recording level, user level and account level scopes for my Server-to-Server OAuth app in the Marketplace (refer to the attached snapshot of the scope section of the app configuration).

Despite these scopes being enabled, API calls to the /accounts/{accountId}/recordings endpoint consistently fail with a 400 Bad Request, error code 4711, and the message: “Invalid access token, does not contain scopes:[cloud_recording:read:list_account_recordings:master].”

I have debugged the process and successfully obtained an access token. However, upon decoding this token, it is clear that the ‘scp’ (scopes) claim is entirely missing from the token payload, meaning no permissions are being granted.

Here is an example of a recently obtained access token:
eyJzdiI6IjAwMDAwMiIsImFsZyI6IkhTNTEyIiwidiI6IjIuMCIsImtpZCI6IjE1N2I2MWQyLWI2OWItNGI3ZC1hMWI4LWM4ZDg0ZGVhNGU1MyJ9.eyJhdWQiOiJodHRwczovL29hdXRoLnpvb20udXMiLCJ1aWQiOiJ5Zy1FWHpDalQzQ3E5ejdzYmRobW9BIiwidmVyIjoxMCwiYXVpZCI6ImQ1YTViNTc0MTQ0OWMwZGYxYmM2MjRkOWQxMGNjYTQzYTI0ODQ5NzE1ZGJhMDZhMTQ0YzRlYzdkYWJhMzRmOTIiLCJuYmYiOjE3NDY1MjE0ODcsImNvZGUiOiJuQmZFZ2NLclJFZVdQVmhnMEg0Y0tRcDVsOE5NcjVqdGMiLCJpc3MiOiJ6bTpjaWQ6MmtNamt5c05UeUcyRW05YmZ1UEEwdyIsImdubyI6MCwiZXhwIjoxNzQ2NTI1MDg3LCJ0eXBlIjozLCJpYXQiOjE3NDY1MjE0ODcsImFpZCI6IjdFRzNFZVFaU3UyVlZCMkFsTHhteHcifQ.qr-jHTFpb-pLMom6SwRwNBW8TATFQ0C9gfOotfaGhN3CCCpm-6agy7Qbv4JmPzi0C9snXZKv_4dBtv9C0QvUrA

And here is its decoded payload:
{
  "aud": "https://oauth.zoom.us",
  "uid": "yg-EXzCjT3Cq9z7sbdhmoA",
  "ver": 10,
  "auid": "d5a5b5741449c0df1bc624d9d10cca43a24849715dba06a144c4ec7daba34f92",
  "nbf": 1746521487,
  "code": "nBfEgcKrREeVpVhg0H4cKQp5l8NMr5jtc",
  "iss": "zm:cid:2kMjkysNTyG2Em9bfuPA0w",
  "gno": 0,
  "exp": 1746525087,
  "type": 3,
  "iat": 1746521487,
  "aid": "7EG3EeQZSu2VVB2AlLxmxw"
}

As you can see, there is no ‘scp’ claim.

Troubleshooting steps already taken without success:

  • Verified the correct Client ID is being used.
  • Ensured the app is activated.
  • Added ‘cloud_recording:read:list_account_recordings:master’ scopes.
  • Regenerated the Client Secret multiple times.
  • Waited significant periods for propagation and restarted application sessions.

Could you please investigate why the configured scopes for my Server-to-Server OAuth app (Client ID: 2kMjkysNTyG2Em9bfuPA0w) are not being included in the generated access tokens?

My Account ID is: 7EG3EeQZSu2VVB2AlLxmxw

I have full access, I am the super admin, the error does not change




Hey @learn
Thanks for reaching out to us, and sorry for the late reply here.
The issue here is that you are trying to access Master account endpoints, and these are only available for accounts that have enrolled in this plan.

Your setup looks fine, so can you please try using the following endpoint?
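
Added example, not part of the thread and not Zoom's code: the check described in the first post (decode the access token payload, look for a scope claim) combined with parsing the 4711 message to list which required scopes the token lacks. The claim names `scp`/`scope`, the helper names, and treating a `:master` suffix as marking the master account scopes mentioned in the reply are assumptions; the sample token is constructed and unsigned.

```python
import base64
import json
import re

def b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def token_scopes(token: str, claim_names=("scp", "scope")) -> set:
    """Return scopes carried in the payload; empty set if no scope claim.
    The signature is NOT verified: use only to inspect your own token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = b64url_json(parts[1])
    for name in claim_names:  # claim names are an assumption
        value = payload.get(name)
        if isinstance(value, str):
            return set(value.replace(",", " ").split())
        if isinstance(value, list):
            return set(value)
    return set()

def scopes_from_4711(message: str) -> set:
    """Extract the scope list from an error message shaped like the one in the post."""
    m = re.search(r"does not contain scopes:\s*\[([^\]]*)\]", message)
    return {s.strip() for s in m.group(1).split(",") if s.strip()} if m else set()

def diagnose(token: str, error_message: str) -> dict:
    """Compare what the API demanded with what the token actually carries."""
    missing = scopes_from_4711(error_message) - token_scopes(token)
    return {
        "missing": sorted(missing),
        # Assumption: a ":master" suffix marks a master account scope.
        "master_only": sorted(s for s in missing if s.endswith(":master")),
    }

def make_token(payload: dict) -> str:
    """Build a constructed, unsigned sample token for the demo."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS512'})}.{enc(payload)}.sig"

ERROR = ("Invalid access token, does not contain scopes:"
         "[cloud_recording:read:list_account_recordings:master].")
SAMPLE = make_token({"aud": "https://oauth.zoom.us", "type": 3, "exp": 1746525087})

if __name__ == "__main__":
    print(diagnose(SAMPLE, ERROR))
```
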