Updating access token gives 400 error invalid grant

Hi, I am following the PHP tutorial for the Zoom API.

I can create the tokens with a callback and store them in the DB. My issue is that simply updating the access token gives a 400 error, on the refresh token line to be exact. I can't see an issue with my access/refresh token I just created and update. I am using CakePHP 4 and the Zoom API.

    // my update access token is
    $zoomOauth = $this->ZoomOauths->find()->first();

    $refresh_token = $zoomOauth->refresh_token;
    $client = new Client(['base_uri' => 'https://zoom.us']);
    $response = $client->request('POST', '/oauth/token', [
        "headers" => [
            "Authorization" => "Basic " . base64_encode($zoom->zoom_client_key . ':' . $zoom->zoom_secret_key)
        ],
        'form_params' => [
            "grant_type" => "refresh_token",
            "refresh_token" => $refresh_token // error here? refresh token is correct?
        ],
    ]);

Client error: POST https://zoom.us/oauth/token resulted in a 400 Bad Request response:

    $newToken = $response->getBody();

How do I fix this error? It makes no sense to me.

Current data from OAuth that I have stored:

    access_token => '[REDACTED]'
    token_type => 'bearer'
    refresh_token => '[REDACTED]'
    expires_in => (int) 3599
    scope => 'meeting:write:admin'

The past posts on this topic are too general and I need a code solution.

Did you try:

    $token = json_decode($response->getBody()->getContents());

Yes, I tried $token = json_decode($response->getBody()->getContents());

What happens now is that the code will work if I rerun the callback and get new tokens. If I do a debug, which is printing the variable contents to the screen, this will cause an invalid grant, and going back and re-running the function won't fix the invalid grant error.

Okay, other option:

I manually check if the token has expired, by checking a “date last modified” field in my database table where I store the access/refresh tokens:

        $sql = "
            SELECT UNIX_TIMESTAMP() - UNIX_TIMESTAMP(dlm) > expires_in
            FROM zoom_tokens
            WHERE uuid = ?
        ";

My dlm column is type datetime, Default CURRENT_TIMESTAMP and Extra on update CURRENT_TIMESTAMP.

So I call my refresh token method after this method returns true, not after a failed OAuth call to the API.

This is my refresh method, very similar to yours:

    public function refreshAccessToken()
    {
        try {
            $client   = IoC::make('GuzzleClient', ['base_uri' => 'https://zoom.us']);
            $response = $client->request('POST', '/oauth/token', [
                'headers'     => IoC::make('ZoomAuthorization')->getBasicAuthorization(),
                'form_params' => IoC::make('ZoomToken')->getRefreshTokenFormParams(),
            ]);
            $token = json_decode($response->getBody()->getContents());

            IoC::make('ZoomToken')->store($token);
        } catch (ClientException $e) {
            bdump($e, $e->getMessage());
        } catch (Exception $e) {
            bdump($e, $e->getMessage());
        }
    }

p.s. that bdump function belongs to the Tracy debugger. You should of course use your own method :wink:

Yes, I already check manually and it works fine. As I said, once an invalid grant error appears through simply debugging (printing) a variable, then I can't get the tokens to work again.

    $zoom = $this->Admins->find()->first();
    $zoomOauth = $this->ZoomOauths->find()->first();

    // check expiry
    $expirytime = $zoomOauth->created + $zoomOauth->expires_in - 30;
    $expiry = date('d-m-Y h:i:s', $expirytime);
    if ($expirytime > time()) { // not expired
        $this->Flash->success('Access Token expires at ' . $expiry . ' and doesnt need Updating ');
        return 0;
    }

    $refresh_token = $zoomOauth->refresh_token;

    $client = new Client(['base_uri' => 'https://zoom.us']);
    $response = $client->request('POST', '/oauth/token', [
        "headers" => [
            "Authorization" => "Basic " . base64_encode($zoom->zoom_client_key . ':' . $zoom->zoom_secret_key)
        ],
        'form_params' => [
            "grant_type" => "refresh_token",
            "refresh_token" => $refresh_token
        ],
    ]);

    $time = time();
    $newToken = json_decode($response->getBody()->getContents(), true); // if print this then invalid grant is thrown
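
An added example, not part of any post in this thread: Zoom issues a new refresh token on every successful refresh and the one just sent stops working, so a run that refreshes but halts (for instance at a debug print) before saving the response leaves a stale token in the database, and every later attempt returns invalid_grant. The sketch below persists the rotated pair immediately and reads the error body on failure. `refreshZoomToken`, the `$save` callback, the `AT2`/`RT1`/`RT2` values and the mocked responses are constructed for illustration, and it assumes guzzlehttp/guzzle is installed via Composer.

```php
<?php
// Added example, not code from the thread. Requires guzzlehttp/guzzle.
use GuzzleHttp\Client;
use GuzzleHttp\Exception\ClientException;
use GuzzleHttp\Handler\MockHandler;
use GuzzleHttp\HandlerStack;
use GuzzleHttp\Psr7\Response;

require 'vendor/autoload.php';

// Exchange the stored refresh token and persist the rotated pair at once.
// $save is a hypothetical callback standing in for the ZoomOauths table update.
function refreshZoomToken(Client $client, string $id, string $secret, string $refreshToken, callable $save): ?array
{
    try {
        $response = $client->request('POST', '/oauth/token', [
            'auth'        => [$id, $secret], // Guzzle builds the Basic Authorization header
            'form_params' => ['grant_type' => 'refresh_token', 'refresh_token' => $refreshToken],
        ]);
    } catch (ClientException $e) {
        // Read the JSON error body instead of guessing from the 400 status; log no token values.
        $err = json_decode((string) $e->getResponse()->getBody(), true) ?? [];
        error_log('Zoom refresh failed: ' . ($err['error'] ?? 'unknown'));
        return null; // on invalid_grant the stored token is stale: re-run the authorization callback
    }
    $token = json_decode((string) $response->getBody(), true);
    if (!isset($token['access_token'], $token['refresh_token'])) {
        return null;
    }
    // Persist BOTH tokens before any debug output or early return:
    // the refresh token that was just sent is no longer valid.
    $save($token + ['created' => time()]);
    return $token;
}

// Constructed responses: the first refresh succeeds, replaying the old token is rejected.
$mock = new MockHandler([
    new Response(200, [], json_encode(['access_token' => 'AT2', 'refresh_token' => 'RT2', 'expires_in' => 3599])),
    new Response(400, [], json_encode(['error' => 'invalid_grant'])),
]);
$client = new Client(['base_uri' => 'https://zoom.us', 'handler' => HandlerStack::create($mock)]);
$db = ['refresh_token' => 'RT1']; // stand-in for the database row
$save = function (array $t) use (&$db) { $db = $t; };

var_dump(refreshZoomToken($client, 'id', 'secret', $db['refresh_token'], $save) !== null); // first refresh
var_dump($db['refresh_token']); // the rotated token now held in storage
var_dump(refreshZoomToken($client, 'id', 'secret', 'RT1', $save)); // stale token replayed
```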
