OAuth Issue - You don't have the corect role to grant these permissions



Hi, One of our customers is having issue while granting permissions to our app on OAuth permissions app. It says -

You don't have the correct role to grant these permissions. Please contact your administraor.

The scopes I'm requesting are contacts and timeline.

Apparently he was not having any issues until last week, and nothing has changed in our app or customer's HubSpot account. Also, everything works fine for all other users of their HubSpot portal.

Here are more details -

HubSpot AppId - 52964
Customer's Hub Id - 2103956
Customer's HubSpot user id - 5245999



Hi @Vishesh_Singhal,

Seems like that user can only view/edit contacts that are owned by them; the contacts scope grants read/write access to all contacts in a portal regardless of owner, so an authorizing user needs to have view/edit permissions for all contacts. Can you have them update their view/edit permissions or try authorizing with a different user?


Hi @Derek_Gervais, I had a meeting with client and confirmed that user has "Edit" on everything under contacts tab in settings. He also was able to OAuth successfully before and there is no change in settings.
Still he is seeing the same issue. Can you please look into it again?



Hi @Vishesh_Singhal,

Based on what I can see, that user should be able to install that integration. Can you give me your full authorization URL (without your actual client ID) so that I can do some testing on my end?


Hi @Derek_Gervais,

Here is the auth url - https://app.hubspot.com/oauth/authorize?response_type=code&redirect_uri=https%3A%2F%2Fqwilr.com%2Fweb-api%2Fauth%2Fhubspot%2Freturn&scope=timeline%20contacts&client_id=xxxxxxxxx

Also, it's only happening for this one user in this HubSpot portal. Other users in this portal are able to do OAuth successfully


Hi @Derek_Gervais, is there any update on this? Our customers are waiting on this to resolve and it's critical for us.



Hi @Vishesh_Singhal,

Thank you so much for your patience, we're experiencing a higher-than-usual volume here in the forums. Looking more closely, that user does not have access to the Lists tool, which is why they cannot authorize the integration. The contacts scope grants access to the Contact Lists API, so an authorizing user must have access to that tool.

The lists permissions are under the marketing tab in user permissions. If this user is given access to lists (but no other marketing permissions) they should be able to authorize the integration.


Hi @Derek_Gervais, Thanks for the help. So, it seems that issue was resolved for this customer as we didn't hear from them again about the issue.

However, we've had another customer writing in with the same issue. There hubId is 4124093. Their admin mick@xxxxxx is able to authorize the integration, but none of the other users can do that. Here are the emails of other users -
michael@xxxxx, tommy@xxxxx, sarah@xxxxx. Can you please check it and let me know what's the issue here?