SOLVED: Revoke token not working in code, only in Postman?

Error ALWAYS returns “reason: Invalid client_id or client_secret, error: invalid client”

I’ve successfully implemented getting access and refresh tokens but now I can’t revoke the token in code. It WORKS in Postman however. Can someone see where the error is please or tell me what I am missing?

Here are headers and post field parameters in a PHP/cURL implementation (NOT WORKING):

    // Assign the http headers
    $http_headers_array = array
    (
        "Content-Type:application/x-www-form-urlencoded",
    );

    // Assign the post fields parameters
    $post_fields_array = array
    (
        "token" => $_SESSION["zoom_access_token"],
        "user"  => $zoom_client_id,
        "pass"  => $zoom_client_secret
        // "client_id"     => $zoom_client_id,
        // "client_secret" => $zoom_client_secret
    );

Endpoint: https://zoom.us/oauth/revoke

Tested in Postman and provided the following as the Zoom documentation instructs:

  1. [header] Content-Type: application/x-www-form-urlencoded
  2. [param] user: (client_id)
  3. [param] pass: (client_secret)
  4. [param] token: (access token)

It WORKS in Postman when I change the parameter names of “user” to “client_id” and “pass” to “client_secret”, but it still does not work IN THE CODE when I change it there…how come? Working screenshot is below.

UPDATE: Content-Type needed to be passed in as an array instead of text, like so:

    "Content-Type" => "application/x-www-form-urlencoded"

Also, “user” and “pass” were changed to “client_id” and “client_secret”. This was a random guess on my part and is not part of the documentation so I guess you could say I got lucky…

Hey @4everCodeNLearn,

Glad you solved your issue, although setting the client_id and the client_secret should be done in the headers/auth headers the same way as when requesting an access token. We do not recommend putting your client_secret in the URL as a query param.

Request Headers:

    {
       "Authorization": "Basic base64Encode(client_id:client_secret)"
    }

In the Node.js revoke token code example on our docs, using the request library, the auth object sets a header with the Base64-encoded client_id:client_secret behind the scenes, similar to how Postman does on the Authorization tab > Basic option.

    auth: {
         'user': 'Odet7ldYQjyagzLKzNomA',
         'pass': 'UeE0e7LZopJRFityw1h3b7dJFz29IeY7'
    }

We will work on making this more clear in our docs.

Thanks,
Tommy
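
The approach recommended in the reply above, written for the PHP/cURL setup from the original question. This is an added example, not code from either poster or from Zoom's docs; the function names and the EXAMPLE_* values are constructed placeholders.

```php
<?php
// Added example. The EXAMPLE_* values are constructed placeholders.

// Build the cURL options for the revoke call: client credentials go in an
// HTTP Basic Authorization header, only the token goes in the form body.
function zoom_revoke_curl_options(string $clientId, string $clientSecret, string $token): array
{
    return [
        CURLOPT_URL            => 'https://zoom.us/oauth/revoke',
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query(['token' => $token]),
        CURLOPT_HTTPHEADER     => [
            'Content-Type: application/x-www-form-urlencoded',
            // Same value Postman's Authorization tab > Basic option produces.
            'Authorization: Basic ' . base64_encode($clientId . ':' . $clientSecret),
        ],
        CURLOPT_RETURNTRANSFER => true,
    ];
}

// Send the request and return the HTTP status and raw response body.
function zoom_revoke_token(string $clientId, string $clientSecret, string $token): array
{
    $ch = curl_init();
    curl_setopt_array($ch, zoom_revoke_curl_options($clientId, $clientSecret, $token));
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('cURL error: ' . curl_error($ch));
    }
    return ['status' => curl_getinfo($ch, CURLINFO_RESPONSE_CODE), 'body' => $body];
}

// Offline check on constructed values (no request is sent): the secret must
// appear neither in the URL nor in the form body.
$opts = zoom_revoke_curl_options('EXAMPLE_CLIENT_ID', 'EXAMPLE_CLIENT_SECRET', 'EXAMPLE_ACCESS_TOKEN');
foreach ([CURLOPT_URL, CURLOPT_POSTFIELDS] as $key) {
    if (strpos($opts[$key], 'EXAMPLE_CLIENT_SECRET') !== false) {
        throw new LogicException('client secret leaked outside the Authorization header');
    }
}
echo $opts[CURLOPT_POSTFIELDS], PHP_EOL;
```

Calling `zoom_revoke_token()` with the app's real credentials and a live access token sends the request; load the secret from configuration rather than hard-coding it in source.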

I will add this update. Thanks, Tommy.


Happy to help! 🙂

-Tommy