Our marketplace app requests webinar scopes so that it can query webinars, etc.
Not everyone has the webinar license, which is fine, but after oauth, we’re getting back the webinar-related scopes we request — even for accounts that haven’t purchased webinars. I expected that the scopes for features that a user/account doesn’t have would not be returned… Am I wrong?
Hi @Built
Thanks for reaching out to us!
Do you see these scopes after the apps is authorized?
Are the webinar scopes marked as optional in your app buildflow?
Yes, the webinar scopes come back with the refresh token.
No, they’re not optional — we’re not looking to give them control over those choices, really. I just expected that if their account doesn’t have a webinar license, the scope wouldn’t be returned.
HI @Built ,
You are asking for access to scopes. The system has given you access to those scopes.
It is not going to check if the scopes can be used for a speicific customers or situation., It is just a security check for your viablity to run those scopes.
You need to make sure when you run the API that you are able to deal with the results of the API if the user can not have any webinars.
It is jsut that simple.
I always check that the scopes I requested are all there
All the best
John
Hi @Built
I was able to replicate this issue.
I created an app with webinar scopes and I authorized the app using an account that does not have webinar license.
Even though I got the scopes attached to my access token, when I try to access a webinar endpoint, I get a 400 Bad Request: “Webinar plan is missing”