This is a commonly misunderstood error when it comes to OAuth2 and HS integrations. I am only now starting to fully understand why this happens after speaking with HS devs for the past 3 days.
You might notice that a Super Administrator of a portal can successfully connect to your integration and an admin or regular user with the right permissions would receive this error.
That's because Super Admins can install any app into any portal, no matter the scope requirements.
However, if the portal doesn't support one of your scopes, then any other user than Super Admin will receive this error.
Here's an example:
- My integration requires the content scope
- A super admin of a HubSpot free plan can successfully Auth into my integration, even though HubSpot free accounts don't come with Landing Pages or Websites. This should make the scope permissions for a super administrator invalid, but it doesn't... they can connect anyway because scopes are ignored on the super admin level
- Next, a user for the same portal with ALL permissions turned on but not a super admin, will reach this error. This is because the scopes are failing because the portal configuration doesn't allow for the content scope
Bottom line is: Super Admin can install any integration they want, without worrying about scope. Any other user needs to have the correct scope.
It's important to remember that just because all the permissions of a user are turned on to give them access, doesn't mean they have the right scopes. The portal configuration needs to be considered as well.