giorgosavgeris / passport-zoom-oauth2 Goto Github PK
View Code? Open in Web Editor NEWPassport Strategy for Zoom OAuth 2.0
License: MIT License
Passport Strategy for Zoom OAuth 2.0
License: MIT License
Installed the strategy, setup routes but getting error
Error: Unknown authentication strategy "zoom
router.get('/auth/zoom',` passport.authenticate('zoom'));
const ZoomStrategy = require('@giorgosavgeris/passport-zoom-oauth2').Strategy;
module.exports = (passport) => {
passport.use(
new ZoomStrategy({
clientID: process.env['ZOOM_CLIENT_ID'],
clientSecret: process.env['ZOOM_CLIENT_SECRET'],
callbackURL: process.env['BASE_URL'] + '/auth/zoom/callback',
passReqToCallback: true
}, (req, accessToken, refreshToken, profile, cb) => {
req.data = {
access_token: accessToken,
refresh_token: refreshToken,
profile: profile
};
return cb(null, profile);
}));
};
As a part of our continuing efforts to improve the security of Zoom OAuth App Types using Authorization flow, Zoom removed the ability to set the access tokens, refresh tokens and revoke tokens in the URL query parameters. This change took effect on February 2023. To fix this, all the token values should be set in the Authorization header and not the HTTP query parameters.
The next error is thrown if the access-token
is not set in the Authorization
header:
error: {
statusCode: 401,
data: '{"code":124,"message":"Invalid access token, this access token is not supported as query parameter string."}
PR with patch: #5
Zoom Dev Forum: https://devforum.zoom.us/t/security-update-no-token-values-in-url-query-parameters/78782
When submitting our app, utilizing oauth2 with Zoom as the provider, we were informed that his strategy was including the scope parameter in the callback URL, ie:
https://marketplace.zoom.us/authorize?client_id=&response_type=code&redirect_uri=https%3A%2F%2Fexample.com%2Flogin%2Fzoom%2Fcallback&scope=user:read&_zmp_login_state=
The reviewer rejected the app, insisting that he scope should not be passed in the redirect URL. I gather this is a relatively recent policy change on the part of Zoom, but in order to produce compliant oauth2 apps, for Zoom, a (probably one line) change must be made to this strategy. I may ackle it as time allows, but posting this for reference in the meantime.
I am getting "Failed to fetch user profile" after authentication. Is there something i am missing?
I have granted the following scopes:
View account info/account:read:admin
View and manage all user meetings/meeting:write:admin
View and manage all user Webinars/webinar:write:admin
InternalOAuthError: Failed to fetch user profile
at /auth/node_modules/@giorgosavgeris/passport-zoom-oauth2/lib/strategy.js:61:19
at passBackControl (/auth/node_modules/oauth/lib/oauth2.js:132:9)
at IncomingMessage.<anonymous> (/auth/node_modules/oauth/lib/oauth2.js:157:7)
at IncomingMessage.emit (events.js:203:15)
at endReadableNT (_stream_readable.js:1145:12)
at process._tickCallback (internal/process/next_tick.js:63:19)
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.