Started getting "Invalid redirect: https://faria.managebac.com/teacher/zoom/pair (4,700)"

Description
Last week everything worked but starting this week our customers report they cannot authorize our Zoom App due to “Invalid redirect error”. An example of such an error for our testing school https://faria.managebac.com is “Invalid redirect: https://faria.managebac.com/teacher/zoom/pair (4,700)”.
The redirect URI for our app is “https://any.managebac.com/teacher/zoom/pair”. The app is https://marketplace.zoom.us/apps/kESVYFfuTwWCaFGjxAcpiA
The request that causes that particular error is https://zoom.us/oauth/authorize?client_id=xKlB2N_fQL2DPA5FGdqpCw&redirect_uri=https%3A%2F%2Ffaria.managebac.com%2Fteacher%2Fzoom%2Fpair&response_type=code

Error
No way to authorize the app. It shows error for every user that tries to authorize it. Example: “Invalid redirect: https://faria.managebac.com/teacher/zoom/pair (4,700)”. The invalid redirect URI depends on the school the user belongs to.

Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth App https://marketplace.zoom.us/apps/kESVYFfuTwWCaFGjxAcpiA

Which Endpoint/s?
Knowing the API endpoint/s can help us to identify your issue faster. Please link the ones you need help/have a question with.

How To Reproduce (If applicable)
Steps to reproduce the behavior:

  1. Open https://zoom.us/oauth/authorize?client_id=xKlB2N_fQL2DPA5FGdqpCw&redirect_uri=https%3A%2F%2Ffaria.managebac.com%2Fteacher%2Fzoom%2Fpair&response_type=code in a browser.
  2. The error “Invalid redirect: https://faria.managebac.com/teacher/zoom/pair (4,700)” is shown.

Screenshots (If applicable)

Additional context
I suspect the issue started to happen because “any” stopped working as a wildcard for any subdomain within the main domain for multitenant apps like ours.

Hey @sergii.iakovyn

Thanks for posting on the Zoom Devforum! I am still learning, but I will try my best to help answer your question. :slightly_smiling_face:

Check out these related threads that may have the answer you are looking for:

If these threads did not help, please let us know by replying back here and someone from the Developer Relations team will get back to you shortly.

Thanks,
DeveloperBot

I got one step further in investigating the issue. For an unknown reason, the whitelist URLs are the only ones allowed in the redirect_uri. I have https://any.managebac.com/teacher/zoom/pair as “Redirect URL for OAuth” and “https://managebac.com” as a whitelist URL. It looks like the Whitelist URL functionality changed its behavior.

After experimenting a bit more, I can say that support for multitenancy as described in https://marketplace.zoom.us/docs/guides/auth/oauth#getting-access-token is completely broken. Whitelist URLs do not understand any as a placeholder for the tenant subdomain, nor do they allow for any in the “Redirect URL for OAuth”.
Looking forward to an update from the Zoom dev team.

Hey @sergii.iakovyn,

Instead of setting any.domain.com as your whitelist, try setting the base domain, domain.com and putting any.domain.com as the default production redirect url.

Let me know if that fixes the issue. :slight_smile:

Thanks,
Tommy

Hi @tommy
Copying from my post:

I have https://any.managebac.com/teacher/zoom/pair as “Redirect URL for OAuth” and “https://managebac.com” as a whitelist URL

So you suggest what I already have and what doesn’t work anymore :frowning:

Hey @sergii.iakovyn,

Does it work if you add the sub domain url (https://any.managebac.com) within the whitelist?

I will see if anything changed or there is a bug on our side. (ZOOM-162618)

Thanks,
Tommy

Hi @tommy,

Does it work if you add the sub domain url ( https://any.managebac.com ) within the whitelist?

It does not help. The only way to make it accept the redirect_uri is to have it start with one of the whitelisted URLs. It asks for user consent only if I manually make the redirect URI. In my particular case the accepted URL is https://managebac.com/teacher/zoom/pair instead of https://faria.managebac.com/teacher/zoom/pair, thus rendering the multitenancy unusable.
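
The matching rule the posts above expect from the `any` placeholder, written out as an added example (not part of the thread and not Zoom's implementation). The function name and the choice to compare scheme, port, path and query exactly are assumptions of this sketch.

```javascript
// Hypothetical redirect-URI matcher for a multitenant app (added example).
const TENANT_PLACEHOLDER = 'any'; // placeholder label used in the thread

function redirectMatches(registered, requested) {
  let reg, req;
  try {
    reg = new URL(registered);
    req = new URL(requested);
  } catch {
    return false; // unparsable input never matches
  }
  // Everything except the tenant label is compared exactly.
  if (req.protocol !== 'https:' || req.protocol !== reg.protocol) return false;
  if (req.port !== reg.port || req.username || req.password || req.hash) return false;
  if (req.pathname !== reg.pathname || req.search !== reg.search) return false;

  const regLabels = reg.hostname.split('.');
  const reqLabels = req.hostname.split('.');
  // Same label count: the placeholder stands for exactly one DNS label,
  // so neither the bare domain nor a deeper or suffixed host can match.
  if (regLabels.length !== reqLabels.length) return false;
  return regLabels.every((label, i) => {
    if (i === 0 && label === TENANT_PLACEHOLDER) {
      return /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/.test(reqLabels[0]);
    }
    return label === reqLabels[i];
  });
}
```
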

Hey @sergii.iakovyn,

Other developers are also reporting this issue. Our engineering team is investigating the root cause.

I will share updates with you as I get them.

Apologies for the inconvenience.

Thanks,
Tommy

Hello, I also have the same issue.
In my case, my OAuth app has worked very well.
However, this issue suddenly first happened two days ago (I’m not sure of the exact day the issue happened).
Other APIs using tokens issued before work well; the only problem is the authorization process.
I think there was no change in my code for a few days… I would like to get your help.

Here is my App’s info:
App Name: CLASSUM

Whitelist URL:

Publishable URL:
https://zoom.us/oauth/authorize?response_type=code&client_id=EbEZkkRtR3aZzOQgUd7NHA&redirect_uri=https://api.classum.net/v2/zoom/oauth

In the real case, we have a state query parameter, so this is the real error message.
(잘못된 리디렉션 == Invalid redirection)

I hope you can check and reply.
Thank you,
Minseong

Hey @dev9, @sergii.iakovyn,

It should be fixed now! :slight_smile:

Please try and let me know if you see any issue.

-Tommy

Hi, @tommy
I found that my publishable URL works again! Thanks for your effort.

However, as mentioned above, I have used a query parameter named state in the redirect URL to pass some information. Even though the publishable URL works, if I add the query parameter, it still fails.
Is this change intended? If so, can you tell me why this change happened?
Also, I would appreciate any guidelines you can give, since I should find another way to deliver data to my server ASAP.

EDIT
My state parameter has a JSON value, using JSON.stringify().
I leave my failed URL for your check. This is the URL for a test account & test course.
https://zoom.us/oauth/authorize?response_type=code&client_id=EbEZkkRtR3aZzOQgUd7NHA&redirect_uri=https%3A%2F%2Fapi.classum.net%2Fv2%2Fzoom%2Foauth%3Fstate%3D%7B%22uid%22%3A4644%2C%22courseId%22%3A4971%7D

EDIT 2
I found that just using a query parameter is not the case.
I tried a simple parameter such as state=1234 in my redirect URL, and it works!
I think some of the URI-encoded components in the result of my JSON.stringify cause the issue.

Thank you,
Minseong

Hey @dev9,

Happy to hear it is fixed now! :slight_smile:

Yes, you will want to use the state query param and a URL safe value for it.

Thanks,
Tommy
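
One way to follow the advice above, as an added example that is not part of the thread and not code from Zoom or CLASSUM: keep `redirect_uri` free of any query string and carry the JSON data in a top-level `state` parameter encoded as base64url with an HMAC. `STATE_KEY` and the function names are assumptions; the endpoint, client ID and redirect URL are the ones posted in the thread.

```javascript
// Added example: URL-safe, tamper-evident `state` as a top-level parameter.
const nodeCrypto = require('node:crypto');

const AUTHORIZE_ENDPOINT = 'https://zoom.us/oauth/authorize';
const REDIRECT_URI = 'https://api.classum.net/v2/zoom/oauth'; // no query string
const STATE_KEY = 'constructed-demo-key'; // assumption: a server-side secret

function sign(payload) {
  return nodeCrypto.createHmac('sha256', STATE_KEY).update(payload).digest('base64url');
}

// JSON -> base64url (only A-Z a-z 0-9 - _), plus an HMAC over the payload.
function encodeState(data) {
  const payload = Buffer.from(JSON.stringify(data), 'utf8').toString('base64url');
  return `${payload}.${sign(payload)}`;
}

// Returns the original object, or null if the value is malformed or altered.
function decodeState(state) {
  const parts = String(state).split('.');
  if (parts.length !== 2) return null;
  const [payload, mac] = parts;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  if (given.length !== expected.length) return null;
  if (!nodeCrypto.timingSafeEqual(given, expected)) return null;
  try {
    return JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
}

function buildAuthorizeUrl(clientId, data) {
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('redirect_uri', REDIRECT_URI); // encoded once, unchanged per user
  url.searchParams.set('state', encodeState(data));
  return url.toString();
}
```

On the callback, `decodeState` should run on the returned `state` before the code is exchanged, and the decoded `uid` should be compared with the logged-in session.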

Hi @tommy,

I think there was a miscommunication.
In my case, I use the state parameter with a JSON object, and it ISN’T FIXED yet.
Please check the URL I gave before.

Thanks,
Minseong

Hey @dev9,

Can you give me a sample JSON object so I can reproduce the issue? Your best bet right now is to use a URL safe state parameter. :slight_smile:

Thanks,
Tommy

Hi @tommy

I’m sure it is a URL-safe value since it has worked so far… (maybe until 1 week ago)
Anyway, the parameter is like this:
state={"uid":1,"courseId":1}

Of course we encode this using encodeURIComponent, so the result becomes:
state%3D%7B%22uid%22%3A1%2C%22courseId%22%3A1%7D

The full authorization link is below (the values of courseId & uid are for test):
https://zoom.us/oauth/authorize?response_type=code&client_id=EbEZkkRtR3aZzOQgUd7NHA&redirect_uri=https%3A%2F%2Fapi.classum.net%2Fv2%2Fzoom%2Foauth%3Fstate%3D{"uid"%3A4644%2C"courseId"%3A4971}

I hope you can get enough information from my reply.
If you need more, please let me know.

Thanks,
Minseong

Thanks @tommy. I, however, cannot test it now as we reworked our flow to avoid dependency on multitenancy support.

@tommy, I tested it in our test environment and it looks like it is really fixed. Thanks again!

Happy to hear! :slight_smile:

Let me know if you need anything else!

-Tommy

Hey @dev9,

Check out my post here, which should fix the issue:

Thanks,
Tommy