Problem requesting multiple scopes using OAuth 2


#1

As the topic suggests, requesting multiple scopes for an app fails while requesting a single scope succeeds.

For example, both

https://app.hubspot.com/oauth/authorize?client_id={clientId}&scopes=contacts&redirect_uri={redirectUri}

and

https://app.hubspot.com/oauth/authorize?client_id={clientId}&scopes=content&redirect_uri={redirectUri}

work, yet

https://app.hubspot.com/oauth/authorize?client_id={clientId}&scopes=content+contacts&redirect_uri={redirectUri}

fails, stating that

The integrator does not have permissions to request the set of scopes. Please contact the integrator.

Is this a (known) bug?


#2

Hi @pradics

Do you still have this problem if you swap the + separating the scopes with either an actual space or %20? This may be a mistake in the docs saying that you can use the +.


OAuth for CRM and scopes
#3

Yes, it seems like using %20 in the query parameter works…
However, this is incorrect encoding for application/x-www-form-urlencoded data and query parameters, so I hope you will look into fixing this, since it requires additional implementation client-side to produce a custom query string…

Good stackoverflow thread on this topic (for some reason the forum doesn’t want me to post a link…):

http://stackoverflow.com/questions/1634271/url-encoding-the-space-character-or-20


#4

I agree with @pradics here -> the custom %20 encoding in scopes requires an additional client-side code to produce this. Could you fix this to be + ?