OAuth scopes -> You don't have correct role

oauth

#1

Hello!

Our app only asks for 'contacts' and 'files' scopes which according to documentation are accessible to “Any Marketing or CRM account”. But a customer of ours couldn't finish OAuth flow and saw the error message:

Uh oh
You don't have the correct role to grant these permissions. Please contact your administrator

(screenshot: https://import2.d.pr/0T6bDR)

Any ideas why this has happened and how we should be fixing this?


403s on calls for Contacts API
#2

Hi @Anton_Litvinenko,

That error generally means that the user trying to authorize your integration doesn't have the proper permissions. In order for a user to approve a scope, they must have full access to all tools related to the scope being approved. In this case, it's likely they don't have full read/write permissions for all contacts; if they have read-only permission, or they only have read/write permission for contacts they own, or if they don't have access to lists, then they won't be able to approve the contacts scope. Similarly, if they don't have File Manager access, they won't be able to approve the files scope.


#3

I have given my new user full privileges and they still are getting that error. I am only asking for Contact scopes. Is there some sort of delay from when I first gave them roles to when they take effect? I have everything turned on that I can turn on for the user. They still can't authorize. I have successfully done this for the three other users of the system, I'm not sure what is happening or what else I can check at this point...


#4

Hi @Carlos_Mostek,

Is your portal a free Marketing/CRM portal? There's an ongoing issue where certain portals require a super admin to approve the contacts scope. For the time being, I'd recommend getting a super admin to approve the integration you're trying to install.


Oauth errors for non Super Admin
#5

Yes, I had to make them a Super Admin, then they could complete the Oauth flow. After I was able to store off the refresh token, I'm able to put their privileges back to just Contacts.


#6

Since this morning, we received a similar error where even though every team member had access to contacts and timeline, still only Super Admins were able to authorise with our app.

This is different from what used to happen few days back

Please help.


#7

@JustCall_Tech I was able to set users back to their normal roles after they authorized the app. It is a painful workaround, but does work to use that while they are fixing this.