Missing or invalid scopes

jsimone · ‎Dec 9, 2016

I am trying to get OAuth to work. Was working fine last week, but now I am getting a 400 bad request.

Here is what I do:

-> app.hubspot.com/oauth/authorize?client_id={id}&scope=contacts&redirect_uri=http://www.hubspot.com
I get back a code and use it to authenticate
https://api.hubapi.com/oauth/v1/token
with header “Content-Type” = application/x-www-form-urlencoded
and body x-www-form-urlencoded in POSTMAN to:
grant_type = authorization_code
client_id = my client id
client_secret = my secret
redirect_url = http://www.hubspot.com
code = code returned from step 1 above

NOTE: my dev portal id = 2712969

When I issue the request in POSTMAN I get 400 bad request:
{
“error”: “access_denied”,
“error_description”: “missing or invalid scopes”
}

This was working fine last week, but not today.

Any help is greatly appreciated.

joe

jsimone · ‎Dec 14, 2016

I am back in business. After deleting and recreating my CRM - all my test deals, all my test contacts and all my test companies, I was able to successfully acquire a code and then an access token. I can now send API requests without errors. After the OAuth initiate call I was greeted by the grant permissions page to which I granted access:

Report Inappropriate Content · ‎Dec 9, 2016

If you’re trying to exchange a code for a token your redirect_url should be your original redirect url, not hubspot.

jsimone · ‎Dec 10, 2016

thanks, you are correct. In my java code, I use the correct redirect URL back to my app. In the above post, I am just trying to get it to give me back an access token using POSTMAN. This request was working. This is the first time I am getting “missing or invalid scopes” error message. My assumption is that something must be different or has been changed in Hubspot land.

Dadams · ‎Dec 12, 2016

@jsimone are you getting that error in the POST to https://api.hubapi.com/oauth/v1/token to get the initial tokens? You using redirect_url instead of redirect_uri (L instead of I in uri), but that should be returning a different error.

Does your app have the contacts scope checked in the settings? Do you have any other scopes selected?

jsimone · ‎Dec 13, 2016

I did have redirect_url, the “url” was just a type from me entering it here.

Anyway, today I am not getting an auth code when I submit this:

https://app.hubspot.com/oauth/2712849/authorize?client_id=860e339e-6e4f-4c7d-afba-b28d545dbc39&scope...

I am getting this:

Uh oh!

You do not have the correct role to grant these permissions. Please contact your administrator.

this happens even though my dev account (2712849) has:

both Account Administor and Developers Administrator

Any idea why I am getting this. Yesterday I was getting an auth code but access denied on the token request. Today I am not even getting that far!

After this, i tried deleting my CRM account (2712969) only leaving my dev portal account (2712849) to no avail.

thx.

Dadams · ‎Dec 13, 2016

Developer portals don’t have access to any of the tools besides the developer tools, so they won’t be able to authorize an OAuth connection. If you only have a developer portal, you can create a test portal that can be used to test the authorization.

APIs & Integrations