I implemented constant contacts OAuth flow and added all the required params and scopes. The scopes I added are campaign_data, offline_access and contact_data. As the documentation suggests we need user to allow offline_access scope in order to get access_token and refresh_token.
Request for authorization:
Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.
It looks like we've already followed up with you directly via email, but I wanted to close the loop here as well. If you haven't received our reply, please let us know via email at firstname.lastname@example.org, and reference case number 30720550.
Please have a look and let us know if you have any other questions!