Zoom Refresh token invalidated when there is a timeout and app left in unusable state

Hi @systemProc @seanbuffer ,

I learned we don’t use token tolerance mechanism for OAuth apps now.

A refresh token can be used to fetch a new access token and refresh token again and again until it expires after 90 days. The refresh token does not becomes invalid after it is used to fetch a new access token and new refresh token. The refresh token becomes invalid only in these three conditions:

  • refresh tokens expired ( after 90 days)
  • customer uninstalls the app
  • customer reauthorized the app

They checked the 15 day call log for the client id and saw some API calls to fetch a new access token using the refresh token failed because either of the following reasons:

  1. User has reauthorized but customer made the API call with old refresh token. Since user has reauthorized that old refresh token is revoked or became invalid now.
  2. Incorrect refresh token value. The refresh token sent in API call doesn’t have valid JSON format.