APIs & Integrations

plytix
Member

Permissions error trying to install our own APP

Hello,

We have created our own app. In first step creating app, we have choose “private app” ( One off Only my portal will get value out of this amazing app).

The owner of the app (developer account) is developer@domain.com
The owner of the account is account@domain.com

the owner of the app (developer@domain.com) has account administrator and sales administrator permissions in the account.

When the owner of the app or owner of the account tries to install app (https://app.hubspot.com/oauth/authorize?client_id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&scopes=contac...), we get a Uh oh! You do not have the correct role to grant these permissions. Please contact your administrator.

Our App ID is: 36676
Our Portal ID is: 596253

Thanks for your help!

0 Upvotes
31 Replies 31
vvdanila
Member

Permissions error trying to install our own APP

Hi @dadams! I built an integration that works fine with the Hubspot testing account but gives out the “don’t have permission … contact administrator…” when trying to integrate with a regular Marketing account. Hub ID of the development account is 3460349. The Hub ID of the regular account I am trying to link to the app is 3856364. The app I built is called Datavalidation and is in the developer account. We are ready to release this integration to our clients once this is cleared. Many thanks!

0 Upvotes
Dadams
HubSpot Employee
HubSpot Employee

Permissions error trying to install our own APP

@varun @Tamas_Pal Are you trying to authorize your developer account? or a separate test portal? Developer accounts won’t be to install any apps, so if that is the case you’d need to create a test portal for any testing you want to do:

How do I create a test portal?

Test portals can be used to test your integration without affecting your live HubSpot data.

Otherwise, if you’re authenticating your production account, double check to make sure that the scopes you’re requesting are available for the type of account you’re trying to authorize. There’s a list of the scopes and the accounts they’d work for here:

Initiate an Integration with Oauth 2.0

https://app.hubspot.com/oauth/authorize - Initiate authentication for an app using OAuth 2.0

If you’re using a scope that should work with your account and still seeing that message, can you send me your Hub ID and the scopes you’re requesting so I can take a look?

0 Upvotes
Tamas_Pal
Member

Permissions error trying to install our own APP

It’s incredible how this issue hasn’t been fixed yet :confused: The JIRA issue on our project has been blocked for 2+ months lol

0 Upvotes
varun
Member

Permissions error trying to install our own APP

Hi guys, I’m having this exact same problem, anybody found a solution?

for our developer account, I’m the Account administrator and
Developers administrator

for our own Hubspot account, I’m the Account administrator
Sales administrator

I’m admin for both, so don’t understand why i’m getting this “Uh oh!
You do not have the correct role to grant these permissions. Please contact your administrator.” error.

Thanks for the help!

Not applicable

Permissions error trying to install our own APP

@dadams I’m also facing this issue. I created an APP in a dev account, and selected the just the “contacts” scope in the app panel. And I’m sure that I’m passing the exact same scope to HubSpot. Getting the authorization code works perfectly fine. I can even see in the URL for the Authorization page the scope passed:

https://app.hubspot.com/oauth/2732053/authorize?response_type=code&redirect_uri=REDIRECT_URI&scope=c...

But when I try to get the tokens using the following URL:

https://api.hubapi.com/oauth/v1/token?grant_type=authorization_code&redirect_uri=REDIRECT_URL&client...

I see the following error:

{“error”:“access_denied”,“error_description”:“missing or invalid scopes”}

Can you please help me with that?

0 Upvotes
jsimone
Member

Permissions error trying to install our own APP

{"error":"access_denied","error_description":"missing or invalid scopes"}

I am seeing the same issue since last week. No one has replied to me yet. :frowning:

0 Upvotes
Casey_Thompson
Member

Permissions error trying to install our own APP

@dadams Our app does use these scopes when they are available. We do provide access to read information from the Blog API for instance. However, as you stated, if the specific portal being used does not have access to that information, it returns an error. We do not currently have special handling for these kinds of errors, but it is something that is a better user experience than nothing working.

We could either throw a more explicit error indicating that the portal being used does not have access to the features. Or we could also just return no information and not error.

0 Upvotes
Casey_Thompson
Member

Permissions error trying to install our own APP

@dadams Currently we do not have any handling for portals with limited scopes. We submit the scopes “events-rw settings-rw contacts-rw offline” for every portal. This appears to work without issue. I can also add blog-rw, and keyword-rw to what is requested without it causing a problem for the returned oauth token. I do not currently see any changes in the dialog for authorization when I do this.

0 Upvotes
Dadams
HubSpot Employee
HubSpot Employee

Permissions error trying to install our own APP

@Casey_Thompson is your app actually using all of those scopes? For example, you’re using the Blog API, and a CRM-only portal connects to your app, the portal could authorize the connection, but you’d get an error if you tried to make requests against the Blog API. Does your app currently have any special error handling for that type of error?

0 Upvotes
Casey_Thompson
Member

Permissions error trying to install our own APP

@dadams We tried implementing the new OAuth 2.0 changes in our tool, but the flow does not work fluidly across different portals. We get the same error mentioned in the OP depending on scopes specified and what type of portal the user selects.

  • We tried an App where we requested all five scopes from the standard HubSpot test portal available for all developers. This one returns just fine.

  • We tried the same App where we requested all five scopes for a Sales portal. This results in the error from the OP “You do not have the correct role to grant these permissions”.

  • We tried the same App against a Sales portal with just the “contacts” and “timeline” scope in the request. This time it works correctly.

  • We tried the same App against a developer portal using the “contacts” and “timeline” scope. It throws the same error as the OP.

  • We tried the same App against the developer portal using just the “timeline” scope. This time it works correctly.

The problem with this model is that you have to know what kind of portal the user is going to select before they log into HubSpot to get an access token. They could select one that has what you requested available, or something that has less. This means there is a very low probability to configure something that will work for a given user, and no possibility to design something that will work for everyone.

Is there no way for HubSpot to ignore the scopes that are not even available, similar to how the OAuth 1.0 implementation worked?

0 Upvotes
Dadams
HubSpot Employee
HubSpot Employee

Permissions error trying to install our own APP

@Casey_Thompson there’s not a good way to tell what scopes a portal will have ahead of time (outside of knowing which type of portal the user wants to authenticate with before sending them to the OAuth flow), and we’ll be taking another look at that flow.

Can you tell me more about how your app is currently handling portals that have limited scopes?

0 Upvotes
geniiweb
Member

Permissions error trying to install our own APP

@dadams

Hi,

I have created a new app (id 37389) and I am trying to install it in my test portal (id 2645075).

I am accessing https://app.hubspot.com/oauth/2645075/authorize?client_id=xxx&scope=contacts&redirect_uri=http%3A%2F...
and everything is fine. I see the list of permissions.

However, when I click on grant access I am taken to this page:

HubSpot | Inbound Marketing & Sales Software

HubSpot is an inbound marketing and sales platform that helps companies attract visitors, convert leads, and close customers.

Please advise.

Kind regards,
Ovi

0 Upvotes
Dadams
HubSpot Employee
HubSpot Employee

Permissions error trying to install our own APP

@geniiweb the scopes you request in the authorization URL should exactly match the scopes you have selected for the app in the app settings, so if you’re only including the contacts scope in the URL, you’d also only want the contacts scope checked for the app.

0 Upvotes
geniiweb
Member

Permissions error trying to install our own APP

@dadams Thank you very much for the quick reply. I was able to install the app. I matched the scopes exactly from the URL with the ones from the app settings. However, I have another problem. After installing the APP, I added a contact through the API (using the API key), but I do not see it in my test portal where the app is installed. I know for sure that the contact has been added because I can retrieve it through API calls. How can I see in my test portal the data that I am adding through the API?

Also worth mentioning is that I tested also through the Hubspot Demo Portal and there I was able to see the contacts that I added through the API.

0 Upvotes
Dadams
HubSpot Employee
HubSpot Employee

Permissions error trying to install our own APP

API keys are portal specific, so you’ll need to make sure that you’re looking in the same portal that you’re using the API key for. If you’re working with test portals inside your developer account, each individual test portal has it’s own API key, so you’d need to generate and use the key for the specific portal that you’re logged into and looking at the Contacts Dashboard.

0 Upvotes
geniiweb
Member

Permissions error trying to install our own APP

Thank you. I generated a new API key from my test portal and everything worked fine.

0 Upvotes
Ralph_Samuel
Member

Permissions error trying to install our own APP

I am using oauth, and I am getting a 20X response code. 204 i believe.

0 Upvotes
Ralph_Samuel
Member

Permissions error trying to install our own APP

I will attempt to test it more today and provide a better reproduction case.

0 Upvotes
111
Member

Permissions error trying to install our own APP

I’m also getting this error. I have two accounts. One is developer account other is plain.
I can grant permissions for developer account but not for plain. Why it is?

0 Upvotes
Dadams
HubSpot Employee
HubSpot Employee

Permissions error trying to install our own APP

@111 What scopes are you using for this? Can you message me with the two Hub IDs you’re testing?

0 Upvotes