
Error: invalid_grant when requesting OAuth token

erikpukinskis
Listener

Good morning zoomerinos!

Hit a bit of a roadblock, and there is some discussion of this error on Google, but none of the advice worked for me. And other folks getting the issue seem to be using grant_type=refresh_token whereas I'm using grant_type=authorization_code. So I thought I would ask for help here...

 

I am setting up a marketplace app with Zoom OAuth. I am able to redirect to the Zoom Authorization page just fine, and I return to my dev app just fine with an authorization `code`  in the query params.


However, when I try to POST to https://zoom.us/oauth/token, I get a 400 HTTP response with:

{"reason":"Invalid authorization code","error":"invalid_grant"}


Here's the CURL of the request that's failing:

curl \
-H 'Authorization: Basic aWxRc3VXaThUank3S3hmakdzZURpZzpyNmc5ZjRKdmw3YndOM0c3SXc3TUdiQm1pRHloZng5ZA==' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'code=DjVBukFT1o1SZSYLINJRBavYXnnWiZESQ&grant_type=authorization_code&redirect_uri=https%3A%2F%2Fkernel-hvprcz4n3-kernel-fyi.vercel.app%2Fapi%2Fzoom%2Foauth%2Fsave' \
'https://zoom.us/oauth/token'

 

I did try:

 ✅ Manually encoding my client id/secret into base64 and checking the Authorization header matches

 ✅ Trying both the production client id/secret and the development ones

 ✅ Tried both JSON encoding and form encoding the body (currently is generated using URLSearchParams which should trigger fetch to use form encoding).

 ✅ Double checking all my redirect URIs are set properly in the App Marketplace

 ✅ Reading carefully through the portion of the docs about requesting the access token

 ✅ Getting a fresh authorization code

But I can't quite find any advice on what might be going wrong. Anyone have any ideas? Thanks!!

1 REPLY

erikpukinskis
Listener

Welp, looks like I applied the old "the second you write it up clearly and post it publicly, you will figure out the solution" debugging technique here...

 

After running through the list of ideas above, I managed to get a 200 response back from https://zoom.us/oauth/token. Things I had missed before I got it right:

  1. Made sure I had the "Basic " prefix in the Authorization header
  2. URLEncode the body (not JSON encode)
  3. Fetch a fresh authorization code
  4. Use the development client id/secret

And some combination of all of those worked!
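
The request shape the reply above describes (the "Basic " prefix, a form-encoded body, the authorization_code grant), as an added JavaScript example that is not part of the original post. It builds the request without sending it and masks the credential and code in the copy meant for logs or a public write-up; `buildTokenRequest` and `redactForLog` are hypothetical helper names, and every credential, code and redirect URI value is a constructed placeholder.

```javascript
const TOKEN_URL = "https://zoom.us/oauth/token";

// Build the authorization_code token request; nothing is sent here.
function buildTokenRequest({ clientId, clientSecret, code, redirectUri }) {
  for (const [name, value] of Object.entries({ clientId, clientSecret, code, redirectUri })) {
    if (typeof value !== "string" || value.length === 0) throw new Error(`missing ${name}`);
  }
  // HTTP Basic credential: the literal prefix "Basic " + base64(client_id:client_secret)
  const basic = Buffer.from(`${clientId}:${clientSecret}`, "utf8").toString("base64");
  // URLSearchParams serializes as application/x-www-form-urlencoded, not JSON
  const body = new URLSearchParams({ grant_type: "authorization_code", code, redirect_uri: redirectUri });
  return {
    url: TOKEN_URL,
    options: {
      method: "POST",
      headers: {
        Authorization: `Basic ${basic}`,
        "Content-Type": "application/x-www-form-urlencoded",
      },
      body: body.toString(),
    },
  };
}

// Copy for logs or a forum post: client credential and authorization code masked.
function redactForLog(request) {
  const params = new URLSearchParams(request.options.body);
  if (params.has("code")) params.set("code", "REDACTED");
  return {
    url: request.url,
    options: {
      ...request.options,
      headers: { ...request.options.headers, Authorization: "Basic REDACTED" },
      body: params.toString(),
    },
  };
}

// Constructed sample values, not real credentials.
const sample = buildTokenRequest({
  clientId: "example-client-id",
  clientSecret: "example-client-secret",
  code: "example-code",
  redirectUri: "https://app.example.test/api/zoom/oauth/save",
});
console.log(redactForLog(sample));
// To send: const res = await fetch(sample.url, sample.options);
```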