IChat.SendFileAsync and IChat.UploadFileAsync no longer work. When you invoke either of these methods, the Zoom API returns Invalid access token which, after investigation, turns out to be somewhat misleading. To make maters more confusing, you don't experience this problem when your application targets net48 but you indeed get this problem on any other framework like net6.0 and net7.0 for example.
It turns out that this problem is due to the combination of a few factors:
in October 2018 Microsoft resolved a security vulnerability (which is disclosed here). The solution they implemented is to remove Authorization request headers when a HTTP request is redirected. This was confirmed here.
This change was implemented in .NET Core 2.1 and all frameworks release since then but it wasn't back ported to older frameworks which explains why the problem I'm describing cannot be reproduced on net48.
Some time ago Zoom implemented a change in their API to redirect file upload requests to a different URL than what is mentioned in their documentation. I can't pinpoint exactly when this problem started (probably a few months ago but I did not notice until today).
When a developer uses ZoomNet to attempt to upload a file, we post a HTTP request to the documented URL but the Zoom API responds with HTTP 307 Temporary Redirect and also provides an alternate URL. Consequently, the HTTP client re-issues the file upload request to the alternate URL and the security code implemented by Microsoft in 2018 kicks in, thereby stripping the Authorization header from the request.
Finally, the Zoom API rejects the request due to the missing Authorization header with a Invalid access token message. Personally, I find this message somewhat misleading because the problem is not so much that the token is invalid but rather that it's missing. In my opinion, the message from Zoom should have been more explicit; something along the lines of Token was not provided.
IChat.SendFileAsync
andIChat.UploadFileAsync
no longer work. When you invoke either of these methods, the Zoom API returnsInvalid access token
which, after investigation, turns out to be somewhat misleading. To make maters more confusing, you don't experience this problem when your application targetsnet48
but you indeed get this problem on any other framework likenet6.0
andnet7.0
for example.It turns out that this problem is due to the combination of a few factors:
net48
.HTTP 307 Temporary Redirect
and also provides an alternate URL. Consequently, the HTTP client re-issues the file upload request to the alternate URL and the security code implemented by Microsoft in 2018 kicks in, thereby stripping theAuthorization
header from the request.Authorization
header with aInvalid access token
message. Personally, I find this message somewhat misleading because the problem is not so much that the token is invalid but rather that it's missing. In my opinion, the message from Zoom should have been more explicit; something along the lines ofToken was not provided
.