The OAuth 2.0 system is more strict when it comes to authorizing apps, but users will still need to be some type of administrator to authorize an app, and the administrator type would need to line up with the permissions requested. As an example, a Sales Admin would not be able to authorize an app requesting the
content scope, since they wouldn’t have access to the content tools, but a Marketing Admin would. Account Admins would be able to approve any scopes that the portal has access to.
If you’re seeing that message when logged in as an admin that would have the correct permissions, then it’s likely that the portal itself doesn’t have the correct permissions. For example, you would see that error when requesting the
content scope on a CRM only portal, since it wouldn’t have access to the content tools. We get that that message is misleading for that particular case, and we do have plans to improve some of the error messages for the authorization process.