Zoom OAuth endpoint returning no data

Using this template helps us debug your issues more effectively

Description
I am trying to retrieve an oauth token via /oauth/token endpoint and am getting back a 200 response with no data. Zoom is calling an API I have written that takes the supplied authCode and attempts to generate a token, however I am not getting any response back from the zoom API following the guidelines here: https://marketplace.zoom.us/docs/guides/auth/oauth#step-2-request-access-token

Error
No data returned

Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth

Which Endpoint/s?
/oauth/token

How To Reproduce (If applicable)
Steps to reproduce the behavior:
I am sending the following request:
HttpRequest{
method=POST,
uri=https://api.zoom.us/v2/oauth/token,
headers=[
Pair{Authorization=Basic [clientId:clientSecretBase64 encoded]},
Pair{Content-Type=application/x-www-form-urlencoded}
],
body=code=[authCode]&redirect_uri=[myRedirectURI]&grant_type=authorization_code
}

This is one example of the response I’m getting back

< HTTP/2 200
< date: Fri, 18 Jun 2021 20:20:15 GMT
< content-length: 0
< x-zm-trackingid: WEB_ea696e374c001775a2b99c3272baa550
< x-content-type-options: nosniff
< content-security-policy: upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us blob: 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: data: 'self'; object-src 'none'; base-uri 'none';
< x-frame-options: SAMEORIGIN
< set-cookie: zm_aid=""; Domain=.zoom.us; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; HttpOnly
< set-cookie: zm_haid=""; Domain=.zoom.us; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; HttpOnly
< set-cookie: web_zak=""; Domain=.zoom.us; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; HttpOnly
< p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
< set-cookie: _zm_ssid=aw1_c_19-PLYTgRwiGG75S5wAqvA; Domain=.zoom.us; Path=/; Secure; HttpOnly
< strict-transport-security: max-age=31536000; includeSubDomains
< x-xss-protection: 1; mode=block
< referrer-policy: strict-origin-when-cross-origin
<

Additional context
I’ve tried just about everything I can think of to try and make this request work, but the API refuses to give me either an error code or any response body back so I’m really not sure what else I should be trying.

Hi @cstout,

Happy to help—what is your preferred language for making this request? I’m happy to see if I can provide you with an example.

In the meantime, here is a request that should work in HTTP:

POST /oauth/token?grant_type=authorization_code&code={code}&redirect_uri=https://zoom.us HTTP/1.1
Host: zoom.us
Authorization: Basic {base64encoded ID:Secret}

Let me know—thanks!
Will

Hi @will.zoom, sorry if this gets posted twice, looks like my original reply might have been moderated?

It looks like in your example you’re passing query params, but the docs indicate those should be a body that is application/x-www-form-urlencoded. Will either work?

The server is written in java, here is a snippet of what the request looks like. See if anything looks off to you. Thanks so much for your help!

   basicZoomAuth =
      Base64
        .getEncoder()
        .encodeToString(
          String.format("%s:%s", zoomClientId.get(), zoomClientSecret.get()).getBytes()
        );
   HttpRequest getTokenRequest = HttpRequest
      .newBuilder()
      .setUri("https://api.zoom.us/oauth/token")
      .setMethod(POST)
      .addHeader("Authorization", "Basic " + basicZoomAuth)
      .addBodyParam("code", authCode)
      .addBodyParam("redirect_uri", REDIRECT_URI)
      .addBodyParam("grant_type", "authorization_code")
      .addHeader("Content-Type", "application/x-www-form-urlencoded")
      .build();

Just to follow up, I have tried the request as you’ve pasted here and I’m still seeing the same behavior. Some clarification:

• The redirect_uri parameter should be my redirect uri that I have defined for my application correct? Not the zoom.us url you have listed
• Is the expected behavior of the API that if an error is encountered I’ll get a 200 response with no body? Why am I not getting an error code in the response or some non 200 http response code?

Hey @cstout,

Thanks for clarifying.

First, regarding:

• The redirect_uri parameter should be my redirect uri that I have defined for my application correct? Not the zoom.us url you have listed

That’s right—I’m just using this as an example.

As for:

• Is the expected behavior of the API that if an error is encountered I’ll get a 200 response with no body? Why am I not getting an error code in the response or some non 200 http response code?

This means something is likely still off with your request.

Have you tried sending this request in Postman, cURL, etc. to see if you run into the same issue?

Let me know, thanks!
Will