From bd8dc6fdccb2d8b82beecaf6ae57d330a9a32089 Mon Sep 17 00:00:00 2001
From: Joshua Blum <joshua.blum@zoom.us>
Date: Thu, 29 Jan 2026 11:13:45 -0500
Subject: [PATCH] always store oauth2 token on refresh, retry auth in zoombot

---
 base/oauth.go              | 10 ++++------
 meetbot/meetbot/handler.go |  3 ++-
 zoombot/zoombot/handler.go |  4 +++-
 3 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/base/oauth.go b/base/oauth.go
index 2259213f..700b9067 100644
--- a/base/oauth.go
+++ b/base/oauth.go
@@ -261,13 +261,11 @@ func GetOAuthClient(
 		if err != nil {
 			return nil, fmt.Errorf("unable to renew token: %s", err)
 		}
-		if newToken.AccessToken != token.AccessToken {
-			err = storage.PutToken(tokenIdentifier, newToken)
-			if err != nil {
-				return nil, fmt.Errorf("unable to update token: %s", err)
-			}
-			token = newToken
+		err = storage.PutToken(tokenIdentifier, newToken)
+		if err != nil {
+			return nil, fmt.Errorf("unable to update token: %s", err)
 		}
+		token = newToken
 	}
 
 	return config.Client(context.Background(), token), nil
diff --git a/meetbot/meetbot/handler.go b/meetbot/meetbot/handler.go
index e81dc656..084dccca 100644
--- a/meetbot/meetbot/handler.go
+++ b/meetbot/meetbot/handler.go
@@ -79,7 +79,8 @@ func (h *Handler) meetHandler(msg chat1.MsgSummary) error {
 		h.Errorf("unable to get service %v, deleting credentials and retrying", err)
 		return retry()
 	default:
-		if strings.Contains(err.Error(), "oauth2: cannot fetch token") {
+		if strings.Contains(err.Error(), "cannot fetch token") ||
+			strings.Contains(err.Error(), "invalid_grant") {
 			h.Errorf("unable to get service %v, deleting credentials and retrying", err)
 			return retry()
 		}
diff --git a/zoombot/zoombot/handler.go b/zoombot/zoombot/handler.go
index e4ae4609..e7248b00 100644
--- a/zoombot/zoombot/handler.go
+++ b/zoombot/zoombot/handler.go
@@ -86,11 +86,13 @@ func (h *Handler) zoomHandler(msg chat1.MsgSummary, attempts int) error {
 		return nil
 	case ZoomAPIError:
 		if err.Code == invalidTokenCode {
+			h.Errorf("invalidTokenCode %v, deleting credentials and retrying", err)
 			return retry()
 		}
 		return err
 	default:
-		if strings.Contains(err.Error(), "oauth2: cannot fetch token") {
+		if strings.Contains(err.Error(), "cannot fetch token") ||
+			strings.Contains(err.Error(), "invalid_grant") {
 			h.Errorf("unable to get service %v, deleting credentials and retrying", err)
 			return retry()
 		}