URGENT ### {"reason":"Invalid authorization code ***","error":"invalid_grant"}

Hello, I am currently getting the error:
I am using zoomappsdk for the client side
{"reason":"Invalid authorization code [REDACTED]","error":"invalid_grant"}

I used the zoomapp sdk and used the authorize and onauthorized functions on the client side to get the authorization code
{code: "###", result: true, timestamp: ###, redirectUri: "https://###.ngrok.io/"}

Then I send the code to the backend with a code_verifier, and the server then sends a POST to
https://zoom.us/oauth/token with the parameters


No Luck :frowning:
Can someone please help with this? I've been stuck on why it's giving the authorization code error for the last two days.
Here's what I am doing to run the current code challenge:

async function generateCodeChallenge() {
  // Generate a random string for the challenge
  // (generateRandomString is a helper that is not shown in the post)
  const challenge = await generateRandomString(64);
  // Convert the challenge to a buffer
  const challengeBuffer = new TextEncoder().encode(challenge);

  // Encode the buffer using plain encoding
  const codeChallenge = btoa(String.fromCharCode(...new Uint8Array(challengeBuffer)));

  // Generate a random string for the verifier
  const verifier = await generateRandomString(64);

  // Convert the verifier to a buffer
  const verifierBuffer = new TextEncoder().encode(verifier);

  // Encode the buffer using base64
  const codeVerifier = btoa(String.fromCharCode(...new Uint8Array(verifierBuffer)));

  return { codeChallenge, codeVerifier };
}

On the backend here is what I am running for calling zoom server

// Assumption: the HTTP client is the `request` package; the call line is missing from the post
const request = require('request');

const zoomtokenep = "https://zoom.us/oauth/token";
const myappredirect = req.query.redirectUri;
if (req.query.code) {
  console.log("CODE VERIFIER");
  const zoomclientid = "Z***";
  const zoomclientsec = "T***";
  // HTTP Basic credentials: base64(client_id:client_secret)
  const auth = 'Basic ' + Buffer.from(zoomclientid + ':' + zoomclientsec).toString('base64');
  var url = zoomtokenep + '?grant_type=authorization_code&code=' +
    req.query.code + '&code_verifier=' + req.query.code_verifier + '&redirect_uri=' + myappredirect;
  request.post({
    url: url,
    headers: {
      "Authorization": auth
    }
  }, function(error, response, body) {
    if (error) {
      console.log("Error when getting Zoom token = " + error);
      return;
    }
    body = JSON.parse(body);
    if (body.access_token) {
      const accessToken = body.access_token;
      // Process and securely store these tokens
      res.send({ output: accessToken });
    } else {
      console.log("FATAL - could not get zoom token");
    }
  });
} else {
  console.log("Missing code from Zoom");
}

This may have to do with how the code_challenge is generated. To rule out if this is related to the code challenge generation, are you able to authorize the app without using PKCE?

Here’s an example of generating a code_challenge from a verifier:

Let me know if that helps.

Thanks, it is helpful for me.

Great! I’m glad to hear that was helpful.