Zoom auth redirect: Invalid authorization code

Description

I tried to finish the auth workflow with an auth app and got the following error. The strange part is that it works most of the time… Please see the How To Reproduce section for more details.

Error

Zoom API error: invalid_request, reason: Invalid authorization code mk1Cq8Pap6_PatCmZLwQxKCZOUJsBwojQ"

Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth

Which Endpoint/s?

https://zoom.us/oauth/token?grant_type=authorization_code

How To Reproduce (If applicable)

  1. Prepare a state token with the following data:
    { "iam_user_id": "U-86dd1422-859e-4e47-ab80-4bfbd6c28755", "next_url": "www.nexturl.com" }

  2. Then I hit this URL with the above state token to start auth workflow:
    https://zoom.us/oauth/authorize?response_type=code&client_id=t30obsgsRAa060Wc0SMw9Q&redirect_uri=https%3A%2F%2Fmeetings-demo.apigateway.co%2Fzoom%2Foauth2%2Fredirect&state=<state_token>

  3. Then Zoom redirects me back to the auth redirect URL I set, which is an HTTP endpoint:
    https://meetings-demo.apigateway.co/zoom/oauth2/redirect?code=mk1Cq8Pap6_PatCmZLwQxKCZOUJsBwojQ&state=<state_token>

  4. In this HTTP endpoint, I tried to use the returned code to get an auth token but got the above error.

  5. This happened only after I had already used the same IAM_user_id to get a token before (and it worked). The auth workflow would work again if I changed IAM_user_id to something else, say: fake_id

Hey @achuo,

Have you tried passing in your state token url encoded or base 64 encoded?

Thanks,
Tommy

Nope, will that affect the behaviour of zoom auth workflow?

Hey @achuo,

I think you are getting that error because you are passing in a json object as the state param.

Please try base64encoding the object or url encoding it so it is url safe.

Thanks,
Tommy
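One way to carry the JSON state from step 1 in URL-safe form, shown as an added example that is not part of the original thread or Zoom's own code. It goes beyond the base64 suggestion by appending an HMAC tag so the redirect endpoint can reject a state value it did not issue; `STATE_KEY`, `pack_state` and `unpack_state` are hypothetical names.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import urlencode

# Assumption: a server-side secret reserved for signing state (constructed value).
STATE_KEY = b"constructed-demo-key"


def _b64url(data: bytes) -> str:
    """URL-safe base64 without '=' padding, so no further escaping is needed."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    """Inverse of _b64url: restore the stripped padding before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def pack_state(payload: dict, key: bytes = STATE_KEY) -> str:
    """Serialize the state object and append an HMAC-SHA256 tag: '<body>.<tag>'."""
    body = _b64url(json.dumps(payload, separators=(",", ":")).encode("utf-8"))
    tag = _b64url(hmac.new(key, body.encode("ascii"), hashlib.sha256).digest())
    return f"{body}.{tag}"


def unpack_state(state: str, key: bytes = STATE_KEY) -> dict:
    """Check the tag in constant time, then decode. Any failure is a ValueError."""
    body, tag = state.split(".")  # wrong number of parts raises ValueError
    expected = hmac.new(key, body.encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(tag)):
        raise ValueError("state signature mismatch")
    return json.loads(_unb64url(body))


if __name__ == "__main__":
    # State fields as given in step 1 of the original post.
    state = pack_state({
        "iam_user_id": "U-86dd1422-859e-4e47-ab80-4bfbd6c28755",
        "next_url": "www.nexturl.com",
    })
    # urlencode leaves the packed value unchanged: it is already URL-safe.
    print(urlencode({"response_type": "code", "state": state}))
    print(unpack_state(state))
```
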

Hey @tommy,

I will give it a try. Thanks for the help!

You are welcome @achuo!

Let me know if that works! :slight_smile:

-Tommy

Hey @tommy

I url encoded my state token but I still got the error Error processing zoom oauth2 redirect request: the code [ibcgiRImMi_PatCmZLwQxKCZOUJsBwojQ] for exchanging OAuth token is invalid. Can you check your logs to see what happened???

It worked again (with or without url encoding state token) ONLY AFTER I fully deleted my existing token in the database… However, the database in my system only supports soft delete (by adding deleted date to a row) and this error occurred when I soft deleted my token and re-authed.

Hey @achuo,

It seems you must be using an old code.

Make sure once you get an access_token the first time, you use the refresh flow to get a new access_token, and not the original get access token request passing in the code ibcgiRImMi_PatCmZLwQxKCZOUJsBwojQ.

Thanks,
Tommy

Hey @tommy

Sometimes we want to delete an existing token to retest the auth workflow. Do you think it would help if I revoke my existing token first before doing re-auth?

Hey @achuo,

Revoking should not make a difference. If you start from Step 1, going to the install / authorize URL it should work every time. :slight_smile:

Thanks,
Tommy