Impact of scope changes for OAuth2



Hi all,
We are building an app that has Workflows and Contact scope selected.
If we remove the workflow scope (in order to allow more Hubspot users to use our app),
what happens to existing accounts that authorized our app already,
do they have to re-authenticate?

Thanks for your help


Hi @kimnguyen,

Removing a scope doesn’t require re-authentication. Changing your app’s scopes won’t affect existing refresh tokens; new tokens generated going forward would be limited to the newly requested scopes (in this case, contacts).


Hi Derek, thanks for your answer!
Another question about scopes:
What are exactly the type of Hubspot tenants that can make use of the “Contacts” scope and install an app?
We receive complaints from users that are Platinum Hubspot Agencies owners, with super admin privileges, but they still get an error saying they don’t have the right permissions… Any clue about the issue?




Hi @kimnguyen,

At the moment, all customers should have access to contacts, since all portals will have access to the free CRM. There was previously an issue with the contacts scope that was preventing authentication, but this issue has been resolved and going forward should no longer affect the contacts scope.