Invalid Scope Error connecting to external salesforce org

  • 1
  • Problem
  • Updated 2 years ago
  • Acknowledged
This is a continuation of another thread which was marked as solved.

The below problem remains unsolved:

Now I'm getting this error in the url of the auth popup:
error=invalid_scope&error_description=the+requested+scope+is+not+allowed

The connected app scope:


The authentication source details:


What am I missing here?

The instructions say that the scope must match, and they do, as far as I can tell.

Why might I be getting this error?
Photo of Matt Sones

Matt Sones, Champion

  • 31,478 Points 20k badge 2x thumb

Posted 2 years ago

  • 1
Photo of Matt Sones

Matt Sones, Champion

  • 31,478 Points 20k badge 2x thumb
Here is the full url of the popup:
https://compasscare.my.salesforce.com/setup/secur/RemoteAccessErrorPage.apexp?error=invalid_scope&error_description=the+requested+scope+is+not+allowed
And this is what it looks like:
Photo of Zach McElrath

Zach McElrath, Employee

  • 49,056 Points 20k badge 2x thumb
This shouldn't be necessary, but it's an idea: try adding the api scope to the list of allowed scopes for your Connected App.
Photo of Matt Sones

Matt Sones, Champion

  • 31,478 Points 20k badge 2x thumb
That actually worked!

I added api to the scopes of the connected app and the default scopes of the authentication providers.

That caused the "allow access" dialog to popup when I reloaded my test page:
Photo of Zach McElrath

Zach McElrath, Employee

  • 49,056 Points 20k badge 2x thumb
Looks like there's currently a bug where Skuid is always requesting the api and refresh_token scopes regardless of your Auth Provider's configured settings -- if you request additional scopes, e.g. full, it will request those as well, but at a minimum it is always requesting api and refresh_token.

We're going to change this so that only the scopes you actually request will be requested.

In the meantime, there's an easy workaround --- in your Salesforce Connected App, always request at a minimum the api, full, and refresh_token scopes.