Error
No way to authorize the app. It shows error for every user that tries to authorize it. Example: “Invalid redirect: https://faria.managebac.com/teacher/zoom/pair (4,700)”. The invalid redirect URI depends on the school the user belongs to.
Additional context
I suspect the issue started to happen due to “any” stooped to work as a wildcard for any subdomain within the main domain for multitenant apps like ours.
I get one step in investigating the issue. For unknown reason the whitelist URLs are the only ones allowed in the redirect_uri. I have https://any.managebac.com/teacher/zoom/pair as “Redirect URL for OAuth” and “https://managebac.com” as a whitelist URL. Looks like Whitelist URL functionality changed its behavior.
After experimenting a bit more I can say that support for multitenancy as described in https://marketplace.zoom.us/docs/guides/auth/oauth#getting-access-token is completely broken. Whitelist URLs do not understand any as a placeholder for tenant subdomain nor they allow for any in the “Redirect URL for OAuth”.
Looking forward for an update from Zoom dev team.
Instead of setting any.domain.com as your whitelist, try setting the base domain, domain.com and putting any.domain.com as the default production redirect url.
Does it work if you add the sub domain url ( https://any.managebac.com ) within the whitelist?
It does not help. The only way to make it accept the redirect_uri is to have it started from one of whitelisted URLs. It asks for a user consent only if I manually make the redirect URI. In my particular case the accepted URL is https://managebac.com/teacher/zoom/pair instead of https://faria.managebac.com/teacher/zoom/pair, thus, drawing the multitenancy unusable.
Hello, I also have same issue.
In my case, my OAuth app has worked very well.
However, suddenly this issue happened at first two days before (I’m not sure the exact day issue happend).
Other apis using token issued before works well, but only the problem is authorization process.
I think there was no change in my code for a few days… I want to get your help
Hi, @tommy
I found that my publishable URL works again! Thanks for your effort.
However, as mentioned above, I have used query parameter named state in redirect URL to give some information. Even though publishable URL works, if I add query parameter, it still fails.
Is this change intended? If so, can you tell me why this change happened?
Also, I hope any guideline if you can since I should find another way to deliver data to my server ASAP.
EDIT
My state parameter has JSON value, using JSON.stringify().
I leave my failed URL for your check. This is URL for test account & test course. https://zoom.us/oauth/authorize?response_type=code&client_id=EbEZkkRtR3aZzOQgUd7NHA&redirect_uri=https%3A%2F%2Fapi.classum.net%2Fv2%2Fzoom%2Foauth%3Fstate%3D%7B%22uid%22%3A4644%2C%22courseId%22%3A4971%7D
EDIT 2
I found that just using query parameter is not the case.
I tried simple parameter such as state=1234 to my redirect URL, and it works!
I think some of URI encoded components in my result of JSON.stringify makes some issue.
I’m sure it is URL-safe value since it have been worked so far… (maybe until 1 week ago)
Anyway, the parameter is like this: state={"uid":1,"courseId":1}
Of course we encode this using encodeURIComponent, so the result becomes: state%3D%7B%22uid%22%3A1%2C%22courseId%22%3A1%7D
