0

I am trying to make a zoom oauth2.0 app. In order to do so, I am making a backend route that accesses the zoom api. I am trying to follow steps 1 and 2 located https://marketplace.zoom.us/docs/guides/auth/oauth, but I am having trouble with step 2, which is the post request to get the token. Here is my code:

router.get('/zoom', auth, async (req, res) => {
  if (req.query.code) {
    const url = `https://zoom.us/oauth/token?grant_type=authorization_code&code=${req.query.code}&redirect_uri=${CLIENT_HOME_PAGE_URL}`;
    const headers = {
      'Content-Type': 'application/json',
      Authorization:
        'Basic clientid:clientsecret'
    };
    try {
      const res = await axios.post(url, null, { headers: headers });
      console.log(res);
    } catch (err) {
      console.error(err.message);
      return res.status(500).send('Sever Error');
    }
  }
  res.redirect(
    `https://zoom.us/oauth/authorize?response_type=code&client_id=${ZOOM_CLIENT_ID}&redirect_uri=${ZOOM_REDIRECT_URI}`
  );
});

At this point, I simply want to print the data. ZOOM_REDIRECT_URI points to the same route of '/zoom' and clientid:clientsecret is replaced with the base64string version of the actual client id and secret. I am able to be redirected to https://zoom.us/oauth/authorize which redirects me back to /zoom and tries to make a post request to the url, but the post request fails with status 403. What is wrong with my code?

Cody Gray - on strike
  • 239,200
  • 50
  • 490
  • 574
Jatong Su
  • 23
  • 1
  • 8
  • HTTP status `403` means forbidden which suggests the issue lies with the authentication. For OAuth 2.0, see this post, albeit includes react, check this out: https://stackoverflow.com/questions/54487260/how-can-we-send-oauth2-0-with-axios-in-react-js – Bren Jul 13 '20 at 02:47
  • ```Content-Type``` in your POST request must be equal to ```application/x-www-form-urlencoded``` – SaladeDeFruits Jul 19 '22 at 09:08

1 Answers1

0

You might want to try a POST with the data sent as form url encoded in the request body, which is the OAuth standard:

const formData = new URLSearchParams();
formData.append('grant_type', 'authorization_code');
formData.append('code', 'some_code');
formData.append('redirect_uri', 'some_redirect_uri');

const options = {
    url: this._configuration.tokenEndpoint,
    method: 'POST',
    data: formData,
    headers: {
        'content-type': 'application/x-www-form-urlencoded',
        'accept': 'application/json',
    },
};
const response = await axios.request(options);

Strange that the Zoom doc indicates a POST with query parameters - possible it is a documentation problem ...

Gary Archer
  • 22,534
  • 2
  • 12
  • 24