Can ZoomNet get an Access Token?

[jaimefuhr]

Switching our code from JWT to OAUTH.

Is there a method in the ZoomNet library to exchange an Authorization Code for an Access Token? Following that, is there a method to refresh the token?

Thanks!

[jaimefuhr]

So I found that I get the AccessToken by using the OAuthConnectionInfo method - I think.

var connectionInfo = new OAuthConnectionInfo(clientID, clientSecret ,authorizationCode, (newRefreshToken, newAccessToken) => { log.Debug($"Access Token is {newAccessToken}"); log.Debug($"Refresh Token in {newRefreshToken}"); }, redirectURI);

But, it's not falling into the onTokenRefreshed delegate and connectionInfo shows a null value for the AccessToken and RefreshToken properties.

Am I off base?

[Jericho]

You are not the first person to ask. Therefore I am assuming that the instructions on how to use OAuth (and Server-to-Server OAuth which is the replacement for JWT) are not clear.

The short answer is that ZoomNet is designed to hide the complexities of OAuth. It takes care of converting an authorization code into an access token, getting a token, renewing the token when it expires, etc.

From the instructions about using OAuth:

ZoomNet takes care of generating the access token and the refresh token but it's your responsibility to store these generated values.

and from the Server-to-Server instructions:

ZoomNet takes care of getting a new access token and it also refreshes a previously issued token when it expires (Server-to-Server access token are valid for one hour).

Let me know what I could change to improve the instructions.

[jaimefuhr]

The part missing in the instructions is how do you pass the Authorization Code Zoom sends after the user authorizes, to ZoomNet to get the access token.

In the instructions, there is a bullet/step that says "Zoom generates an authorization code....", and then it goes on to say the access token is valid for 60 minutes.

The next paragraph says that ZoomNet takes care of generating the access token., followed by a block of code.

However that code, to me, looks like something you execute after you have exchanged the Authorization Code to get an Access and Refresh token. There's nothing in there about the authorization code.

Do I have to call Zoom's API to do the exchange or can ZoomNet handle that?

[Jericho]

I updated the instructions. Let me know if it's better.

[jaimefuhr]

The example code will insert the authorization code into the account ID property. I had to add an empty string for the RedirectURI so that it called the right overload:

var connectionInfo = new OAuthConnectionInfo(clientID, clientSecret ,authorizationCode, (newRefreshToken, newAccessToken) => {
                            log.Debug($"Access Token is {newAccessToken}");
                            log.Debug($"Refresh Token in {newRefreshToken}");
                        },"");

var zoomClient = new ZoomClient(connectionInfo);

One thing I noticed is that the OnTokenRefreshDelegate does not fire until after you do something with the client.

I was expecting it to give me the Access and Refresh tokens after instantiating the client. So you may want to add that to the instructions.

Other than that, it's working perfectly now. Thanks for your help!

[Jericho]

The example code will insert the authorization code into the account ID property. I had to add an empty string for the RedirectURI so that it called the right overload:

Good catch! I will correct the documentation.

One thing I noticed is that the OnTokenRefreshDelegate does not fire until after you do something with the client.

This is indeed the way it's supposed to work. The ZoomNet client does not convert your authorization code or refresh your access token until necessary.

[Jericho]

oh and one more thing: some developers have complained that they get a Redirect URI mismatch error from Zoom API when they set the redirect Uri to a null value. I don't know why Zoom does not always throw this exception but I thought I would mention it you just in case.

[jaimefuhr]

oh and one more thing: some developers have complained that they get a Redirect URI mismatch error from Zoom API when they set the redirect Uri to a null value. I don't know why Zoom does not always throw this exception but I thought I would mention it you just in case.

I wonder if the mismatch error occurs when the developer has made use of the "OAuth Allow List" in Zoom. Perhaps passing in null or empty causes a security check fail.

[jaimefuhr]

I read those instructions, but I think where the disconnect is that there is no code showing how to pass in the initial authorization token. I understand that behind the scenes ZoomNet is handling the access/refresh sequence, but in the example code just after the line that says ZoomNet takes care of generating the access token and the refresh token but it's your responsability to store these generated values. The sample code doesn't show the authorization code being passed into ZoomNet.  It says ".. the access token previously issued by Zoom".  That's the piece that I'm looking for - how do you pass in that initial authorization code and let ZoomNet take it from there.

[Jericho]

The sample code doesn't show the authorization code being passed into ZoomNet.  It says ".. the access token previously issued by Zoom".  That's the piece that I'm looking for - how do you pass in that initial authorization code and let ZoomNet take it from there.

When you configure your User-level or Account-level Oauth app in Zoom app marketplace, you must specify "Redirect URL for OAuth". When a user adds your app to their Zoom account, they are asked for their permission and, assuming they consent, they are ultimately redirected to the URL you configured. When redirecting the user to your configured url, Zoom appends the authorization code to the querystring. You need to read this value from the querystring. This is how you get the authorization code.

[yashashri2510]

I am getting above error. Can you please help me figure this out?

[Jericho]

You are getting an HTTP 400 BAD REQUEST response from the Zoom API, therefore you should contact Zoom's support to figure out why their API is responding with this HTTP code.

Having said that, the error message says that your application is disabled. This leads me to surmise that there is probably something wrong with your OAuth application. Maybe it's been removed from your account?. You should review your OAuth application's configuration.