API Revoke - Multiple Tokens Bug

kwoods · ‎2023-08-10

Scenario:

Single user multiple access tokens.

When I call the revoke endpoint with an access token then all the user's access tokens become invalid.

example:

RESP=$(curl -X POST https://zoom.us/oauth/token -d 'grant_type=account_credentials' -d "account_id=$ACCOUNT_ID" -H 'Host: zoom.us' -H "Authorization: Basic ${BASIC_CRED}")

echo "RESP - $RESP"

AT=$(echo $RESP | jq -r .access_token)

echo "AT - $AT "

C_CHAN=$(curl -X POST https://zoom.us/v2/chat/users/me/channels -H 'Content-Type: application/json' -H "Authorization: Bearer ${AT}}" -d '{ "name": "KEY-1234", "type": 3}')
echo "Created $C_CHAN"

C_CHAN_ID=$(echo $C_CHAN | jq -r .id)

# get 2nd access token

RESP_2=$(curl -X POST https://zoom.us/oauth/token -d 'grant_type=account_credentials' -d "account_id=$ACCOUNT_ID" -H 'Host: zoom.us' -H "Authorization: Basic ${BASIC_CRED}")

AT2=$(echo $RESP_2 | jq -r .access_token)

#REVOKE FIRST TOKEN

curl -X POST https://zoom.us/oauth/revoke -d "token=${AT}" -H 'Content-Type: application/x-www-form-urlencoded' -H "Authorization: Basic ${BASIC_CRED}"
echo "AT2 - $AT2"

# send message with 2nd token
curl -X POST https://zoom.us/v2/chat/users/me/messages -H 'Content-Type: application/json' -H "Authorization: Bearer ${AT2}}" -d "{ \"message\": \"message \", \"to_channel\": \"$C_CHAN_ID\" }"

#FAILS 😞

VA · ‎2023-08-14

Hi @kwoods and welcome to the Zoom Community! I'm sorry you haven't received an answer to your question yet. You may want to ask over in our Developer Forum, they will be better able to help!

Virginia
Zoom Community Team
Have you heard of Zoom AI Companion?

Communication

Productivity

Apps & Integration

Spaces

Employee Engagement