PR Custody

PRPR Custody

feat(zoom): add team_chat granular OAuth scopes for chat tools

@surajmarkupchecks n/achecks…suraj/zoom/add-team-chat-scopes → master1 files · +7 −0updated 1mo ago

GitHub

▸Description · 1 noise

Summary

Adds the user-level granular team_chat:* OAuth scopes to Zoom's oauth_default_scopes so the new Zoom chat tools can authenticate
Without these, all 7 chat actions (send/list/update/delete messages, list/get/create channels) fail with Zoom error 4711: Invalid access token, does not contain scopes:[team_chat:...]
Surfaced via cortex's build-workflow run in this Slack thread — every workflow failed with FAILED_AUTH_ISSUE pointing at missing team_chat:* scopes

Scopes added (user-level only)

Action	Scope
`ZOOM_LIST_USER_CHAT_MESSAGES`	`team_chat:read:list_user_messages`
`ZOOM_SEND_CHAT_MESSAGE`	`team_chat:write:user_message`
`ZOOM_UPDATE_CHAT_MESSAGE`	`team_chat:update:user_message`
`ZOOM_DELETE_CHAT_MESSAGE`	`team_chat:delete:user_message`
`ZOOM_LIST_CHAT_CHANNELS`	`team_chat:read:list_user_channels`
`ZOOM_GET_CHAT_CHANNEL`	`team_chat:read:channel`
`ZOOM_CREATE_CHAT_CHANNEL`	`team_chat:write:user_channel`

:admin variants are intentionally omitted — the rest of oauth_default_scopes is user-level, and admin scopes would require Zoom org-admin consent during OAuth.

Follow-ups (not in this PR)

The Composio Zoom OAuth app in the Zoom Marketplace needs these scopes enabled on its side, otherwise users can't consent to them.
The test connected account used by cortex needs to be re-authorized so the new scopes are present on its issued token, then cortex can re-run the 7 build workflows.

Test plan

Validated locally that the change is purely additive to oauth_default_scopes
After Zoom Marketplace app updated, re-auth a test Zoom account and confirm token has team_chat:* scopes
Re-run the 7 cortex Zoom chat build workflows and confirm they no longer fail with FAILED_AUTH_ISSUE

🤖 Generated with Claude Code

Linear: INT-1995

▸ 1 bot/status comment hidden

@linear[bot]1mo ago

Context

Cortex kicked off 7 build workflows for new Zoom chat tools and all 7 failed with FAILED_AUTH_ISSUE. Zoom migrated chat endpoints from classic chat_message:* / chat_channel:* scopes to granular team_chat:* scopes, and the Composio Zoom OAuth app's scope list was missing the new ones — so issued tokens fail with API error 4711:

Invalid access token, does not contain scopes:[team_chat:...]

Slack thread: https://composioworkspace.slack.com/archives/C0AFKE72UGZ/p1777460496715319

Affected actions

ZOOM_SEND_CHAT_MESSAGE
ZOOM_LIST_USER_CHAT_MESSAGES
ZOOM_UPDATE_CHAT_MESSAGE
ZOOM_DELETE_CHAT_MESSAGE
ZOOM_LIST_CHAT_CHANNELS
ZOOM_GET_CHAT_CHANNEL
ZOOM_CREATE_CHAT_CHANNEL

Fix

PR adding the user-level team_chat:* scopes to mercury/apps/zoom/config.ts:

https://github.com/ComposioHQ/mercury/pull/23044

Follow-ups (not in PR)

Enable the same team_chat:* scopes on the Composio Zoom OAuth app in the Zoom Marketplace (otherwise users can't consent to them even after this PR merges).
Re-authorize the test connected account used by cortex so its issued token carries the new scopes.
Re-run the 7 cortex Zoom chat build workflows and confirm they no longer fail with FAILED_AUTH_ISSUE.

Decisions

Added user-level scopes only (team_chat:write:user_message, etc.); skipped variants to stay consistent with the rest of and avoid requiring Zoom org-admin consent.

loading diff…

@linear[bot]1mo ago

Context

Invalid access token, does not contain scopes:[team_chat:...]

Slack thread: https://composioworkspace.slack.com/archives/C0AFKE72UGZ/p1777460496715319

Affected actions

ZOOM_SEND_CHAT_MESSAGE
ZOOM_LIST_USER_CHAT_MESSAGES
ZOOM_UPDATE_CHAT_MESSAGE
ZOOM_DELETE_CHAT_MESSAGE
ZOOM_LIST_CHAT_CHANNELS
ZOOM_GET_CHAT_CHANNEL
ZOOM_CREATE_CHAT_CHANNEL

Fix

PR adding the user-level team_chat:* scopes to mercury/apps/zoom/config.ts:

https://github.com/ComposioHQ/mercury/pull/23044

Follow-ups (not in PR)

Enable the same team_chat:* scopes on the Composio Zoom OAuth app in the Zoom Marketplace (otherwise users can't consent to them even after this PR merges).
Re-authorize the test connected account used by cortex so its issued token carries the new scopes.
Re-run the 7 cortex Zoom chat build workflows and confirm they no longer fail with FAILED_AUTH_ISSUE.

Decisions

Added user-level scopes only (team_chat:write:user_message, etc.); skipped variants to stay consistent with the rest of and avoid requiring Zoom org-admin consent.