One or more scopes are not configured for the authorization server resource.

SOLVED
Go to solution
WCCGoldenApple
Brand Strategist
0 Votes

I keep getting this error: invalid_scope with the description 'One or more scopes are not configured for the authorization server resource.'

 

I am trying to upgrade to the new authorization API https://v3.developer.constantcontact.com/api_guide/auth_update_apps.html

It was working fine with the previous method.  I have not changed the scopes except to add offline_access.

 

Any suggestions or ideas?

 

Here is my control flow:

I redirect to:
https://authz.constantcontact.com/oauth2/default/v1/authorize?response_type=code&client_id=My_client...&redirect_uri=https%3A%2F%2Fwww.westchestercycleclub.org%2FSystem%2FconstantContact%2Ftoken&scope=account_read%2Baccount_update%2Bcontact_data%2Bcampaign_data%2Boffline_access&state=c0cd350b22c0a63c
I get back the following from the GET parameters at the redirect_uri I specified (state looks like what I passed in, so that works): [state] => c0cd350b22c0a63c [error] => invalid_scope [error_description] => One or more scopes are not configured for the authorization server resource.

 

1 ACCEPTED SOLUTION
QgivP
Rookie

Not sure if this helps or not, but we were running into a similar issue; it looks like in the URL you posted you have your scope url-encoded, so the "+" shows up as %2B.

 

On our end we were able to fix our issue by excluding the scope line from being url-encoded so the "+" characters generate as a "+", and not as "%2B".

 

Hopefully this helps!  On the old authorize endpoints %2B was working without any problems, so I guess this new one for some reason isn't handling properly when it is url-encoded.

View solution in original post

4 REPLIES 4
QgivP
Rookie

Not sure if this helps or not, but we were running into a similar issue; it looks like in the URL you posted you have your scope url-encoded, so the "+" shows up as %2B.

 

On our end we were able to fix our issue by excluding the scope line from being url-encoded so the "+" characters generate as a "+", and not as "%2B".

 

Hopefully this helps!  On the old authorize endpoints %2B was working without any problems, so I guess this new one for some reason isn't handling properly when it is url-encoded.

user915548
Rookie
0 Votes

Hello Team,

I am also getting the same problem again and again. 

Can you please fix this issue ASAP ?

WCCGoldenApple
Brand Strategist
0 Votes
,
 
 That was the problem.  I needed to change the correctly encoded URL with %2B to the normal plus (+) character!  I will see if I can submit a bug report.
 
 Thanks!
John__B
Employee
0 Votes

Hello @WCCGoldenApple , @QgivP & @user915548

 

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

 

We greatly appreciate you bringing this to our attention. We have been able to replicate the invalid scope responses you have received when encoding the scopes portion of the authorization request URL. I’m going to bring this to our development team for further investigation and update our documentation accordingly. In the meantime, we have found through testing that excluding the scopes portion of the URL from being encoded so the “+” characters generate as “+” and not “%2B” will allow the authorization request to be successful. 

 

Please let us know if you have any other questions!

 

Regards,


John B.
API Support Specialist
Did I answer your question? If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
Resources
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Announcements

API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up