How to Fix the Invalid_Scope Error in WordPress Postman SMTP Plugin

As a WordPress user, I like to share tips related to issues that I have encountered in WordPress. The issue with email not working in WordPress is fairly common. There are several reasons for this, but in this article I will focus on one of the solutions rather than talking about why sometimes the email delivery may have issues in WordPress.

Postman SMTP Plugin

If you are having problems with your email delivery in WordPress, try the Postman SMTP plugin. It’s a very popular plugin with over 100,000+ installs, but unfortunately it has not been updated for at least a year. This plugin helps with the delivery of email generated by WordPress. The plugin uses Gmail, Hotmail, and Yahoo’s proprietary implementation of OAuth 2.0. This offers better security because your password doesn’t need to be stored in WordPress. Postman SMTP plugin can detect firewall blocks and tel you which ports have been blocked and what you can do about it. Some hosting providers, like GoDaddy, may block the default SMTP port. However, if common ports like 25, 587, and 465 are blocked, the plugin can still deliver the messages using HTTPS. For Gmail, it uses OAuth 2.0 and Gmail API to deliver your WordPress messages which can be really helpful in a lot of situations when the email delivery is having issues.

When Postman SMTP has been properly configured, the screen looks like this. You can click on Show All Settings to get all the details of your configuration.

Error: Invalid_Scope

I have configured this plugin multiple times for different Web sites. Recently, I ran into an issue while configuring the Postman SMTP plugin. I used the wizard (the blue Start the Wizard button) to setup the plugin. I provided the Gmail address that I was using for the Web site. I then provided the outgoing mail server hostname, which is smtp.gmail.com for Gmail. In step 4 it performed the Connectivity Test and I select Gmail API for the socket and OAuth 2.0 for authentication. It is the only option listed and requires Client ID and Client Secret.

On the Authentication step 5, I opened the Google Developers Console Gmail Wizard to create a Client ID for Web application. The plugin provides the Authorized JavaScript origins and the Authorized redirect URI, so I only had to get the Client ID and Client Secret. I made sure I was logged into the same Gmail account in my browser that I was using in WordPress (Settings, General).

I followed the instructions to create the Client ID and Client Secret. If you are know to this kind of setup, you may have to refer to the article in the above screen How do I get a Google Client ID? I used the Authorized JavaScript origins and Authorized redirect URI provided by Postman SMTP plugin to create the Client ID and Client Secret on Google’s Web site. Everything looked okay but I noticed an error on top of the page indicating the I need to get permission. I clicked on the link Grant permission with Google under the Actions (see the first image above). It took me to the login screen for my Gmail account that I was using for this Web site email notifications. Even if you are logged in to your Gmail account you will still be taken to the login screen for your Gmail account. I entered the email on the first screen, but as soon as I entered the password on the second screen I received the following error.

400. That’s an error.

Error: invalid_scope

You don’t have permission to access some scopes. Your project is trying to access scopes that need to go through the verification process. {invalid = [https://mail.google.com/]} If you need to use one of these scopes, submit a verification request.

Learn more

That’s all we know.

In case you are wondering why I type the entire error message and also insert an image of the error, I do it so that the search engines can pick the error message and help readers find my article.

How to Fix the Error

If you run into this error, click on the Learn more link in the above error. You will be taken to the article titled OAuth Developer Verification Form. Here you will notice a link to Risky Access Permissions By Unreviewed Apps. Click this link and join this Google group. As soon as you join this Google group and go back to Postman SMTP plugin, you will notice the error about the permissions is gone. Once you join the Google group, you will see the welcome message. Read this page…..every single word! This page has some very useful information.

Among other things, the above page also tells you that once you are done with the OAuth approval page and able to test your app, you should leave the group. Good idea. Click the My Settings link in the upper right-hand corner and select Leave this group.

That’s it. At this point, you should be able to send a test email successfully under Actions (see the first image at the beginning of this article).

Copyright © 2017 SeattlePro Enterprises, LLC. All rights reserved.