In this example, the user has Marketing Admin, Sales Admin, and Reporting Admin permissions.
This leads me to assume the granting user must be a Super Admin / Account Admin, but I’d love to hear official confirmation from HubSpot. In the past, we were able to authorize OAuth 1.0 apps without the account admin role.
The OAuth 2.0 system is more strict when it comes to authorizing apps, but users will still need to be some type of administrator to authorize an app, and the administrator type would need to line up with the permissions requested. As an example, a Sales Admin would not be able to authorize an app requesting the content scope, since they wouldn’t have access to the content tools, but a Marketing Admin would. Account Admins would be able to approve any scopes that the portal has access to.
If you’re seeing that message when logged in as an admin that would have the correct permissions, then it’s likely that the portal itself doesn’t have the correct permissions. For example, you would see that error when requesting the content scope on a CRM only portal, since it wouldn’t have access to the content tools. We get that that message is misleading for that particular case, and we do have plans to improve some of the error messages for the authorization process.
What permissions are needed to grant OAuth 2.0 to an app?
Thanks @dadams! It will be most helpful to see a more contextual error regarding which portal or user account permissions are missing. We updated the scope for our app and it greatly improved the success rate of our re-authorizations.