Solved: Re: One or more scopes are not configured for the ... - Constant Contact Community

WCCGoldenApple · ‎02-22-2022

I keep getting this error: invalid_scope with the description 'One or more scopes are not configured for the authorization server resource.'

I am trying to upgrade to the new authorization API https://v3.developer.constantcontact.com/api_guide/auth_update_apps.html

It was working fine with the previous method. I have not changed the scopes except to add offline_access.

Any suggestions or ideas?

Here is my control flow:

I redirect to:
https://authz.constantcontact.com/oauth2/default/v1/authorize?response_type=code&client_id=My_client...&redirect_uri=https%3A%2F%2Fwww.westchestercycleclub.org%2FSystem%2FconstantContact%2Ftoken&scope=account_read%2Baccount_update%2Bcontact_data%2Bcampaign_data%2Boffline_access&state=c0cd350b22c0a63c

I get back the following from the GET parameters at the redirect_uri I specified (state looks like what I passed in, so that works):
    [state] => c0cd350b22c0a63c
    [error] => invalid_scope
    [error_description] => One or more scopes are not configured for the authorization server resource.

QgivP · ‎02-25-2022

Not sure if this helps or not, but we were running into a similar issue; it looks like in the URL you posted you have your scope url-encoded, so the "+" shows up as %2B.

On our end we were able to fix our issue by excluding the scope line from being url-encoded so the "+" characters generate as a "+", and not as "%2B".

Hopefully this helps! On the old authorize endpoints %2B was working without any problems, so I guess this new one for some reason isn't handling properly when it is url-encoded.

View solution in original post

QgivP · ‎02-25-2022

Not sure if this helps or not, but we were running into a similar issue; it looks like in the URL you posted you have your scope url-encoded, so the "+" shows up as %2B.

On our end we were able to fix our issue by excluding the scope line from being url-encoded so the "+" characters generate as a "+", and not as "%2B".

Hopefully this helps! On the old authorize endpoints %2B was working without any problems, so I guess this new one for some reason isn't handling properly when it is url-encoded.

user915548 · ‎02-26-2022

Hello Team,

I am also getting the same problem again and again.

Can you please fix this issue ASAP ?

WCCGoldenApple · ‎02-28-2022

@QgivP

,

That was the problem. I needed to change the correctly encoded URL with %2B to the normal plus (+) character! I will see if I can submit a bug report.

Thanks!

John__B · ‎03-07-2022

Hello @WCCGoldenApple , @QgivP & @user915548,

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

We greatly appreciate you bringing this to our attention. We have been able to replicate the invalid scope responses you have received when encoding the scopes portion of the authorization request URL. I’m going to bring this to our development team for further investigation and update our documentation accordingly. In the meantime, we have found through testing that excluding the scopes portion of the URL from being encoded so the “+” characters generate as “+” and not “%2B” will allow the authorization request to be successful.

Please let us know if you have any other questions!

Regards,

John B.
API Support Specialist
Did I answer your question? If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.

One or more scopes are not configured for the authorization server resource.

Developer Portal

API Updates