When setting up a Discord bot, you may encounter an error page that says “Invalid Scope” after authorizing the bot through the OAuth2 flow, even though you carefully selected the correct scopes in the Discord Developer Portal. This error stops the bot from joining your server and prevents any functionality from being granted. The root cause is almost always a mismatch between the scopes listed in the OAuth2 URL and the scopes your bot application is actually configured to use. This article explains exactly why this mismatch happens and provides a step-by-step fix to resolve it.
Key Takeaways: Fixing the Invalid Scope Error on Discord Bot Authorization
- OAuth2 URL Generator > Scopes section: The scopes you select here must exactly match the scopes your bot requires in its code. A mismatch causes the error.
- Bot > Privileged Gateway Intents: Enabling intents like Server Members or Message Content does not automatically include them in the OAuth2 scopes. You must also select the matching scope.
- OAuth2 URL Generator > Redirects section: If you use a custom redirect URI, it must be registered here. An unregistered URI combined with a scope mismatch can trigger the error.
Why Discord Returns “Invalid Scope” During OAuth Authorization
The “Invalid Scope” error occurs because Discord’s OAuth2 system validates the scopes in the authorization URL against the bot application’s configuration. Every scope you include in the URL must be one that the application is allowed to request. If you include a scope that is not enabled for the bot, Discord rejects the entire request.
There are three main reasons this happens:
1. Scope Not Enabled in the Developer Portal
The most common cause is selecting a scope in the OAuth2 URL Generator that is not actually enabled for the bot. For example, the bot scope must be explicitly enabled. The applications.commands scope also needs to be enabled for slash commands. If you select these scopes but they are not activated in the Bot settings, the validation fails.
2. Privileged Gateway Intent Not Matched to Scope
Privileged Gateway Intents like Server Members Intent, Message Content Intent, and Presence Intent are separate from OAuth2 scopes. Enabling an intent in the Bot settings does not automatically add the corresponding OAuth2 scope. If your bot code requires the guilds.members.read scope but you only enabled the Server Members Intent, the scope is missing from the URL. The error appears because the scope is not in the URL at all.
3. Incorrect Redirect URI
If your OAuth2 URL includes a redirect URI that is not registered in the Developer Portal, Discord may return a generic error that includes “Invalid Scope” in the message. This happens because the redirect validation occurs before scope validation. Fixing the redirect URI resolves the issue.
Steps to Fix the “Invalid Scope” Error When Authorizing a Discord Bot
Follow these steps in order. Do not skip any step.
- Open the Discord Developer Portal and select your bot application
Go to the Discord Developer Portal at https://discord.com/developers/applications. Sign in with the account that owns the bot. Click on the application that is returning the error. - Go to the Bot settings page and verify the Privileged Gateway Intents
In the left sidebar, click “Bot”. Scroll to the Privileged Gateway Intents section. Check which intents are enabled. Write them down. For example, if you need the bot to read message content, ensure “Message Content Intent” is enabled. If you need it to see all server members, enable “Server Members Intent”. - Go to the OAuth2 > URL Generator page
In the left sidebar, click “OAuth2” then “URL Generator”. This is where you build the authorization URL. - Select the correct scopes in the Scopes section
In the Scopes section, select the scopes your bot actually needs. The most common scopes are:–
bot: Required for any bot that joins a server.
–applications.commands: Required for slash commands.
–guilds: Allows the bot to view guilds it is in.
–guilds.members.read: Required if you enabled Server Members Intent.
–messages.read: Required if you enabled Message Content Intent.If you enabled a privileged intent in Step 2, you must also select the matching scope here. For example, if you enabled Server Members Intent, select
guilds.members.read. If you enabled Message Content Intent, selectmessages.read. - Set the redirect URI correctly
In the Redirects section, enter the exact URL your application uses for OAuth2 callbacks. If you do not have a custom redirect, leave this blank. If you use a custom redirect, click “Add Redirect” and type the full URL. For testing, you can usehttps://localhost. Do not include a trailing slash unless the URL requires it. - Generate the URL and copy it
At the bottom of the URL Generator page, click “Copy” to copy the generated URL. Do not modify the URL manually. Any manual change can introduce an invalid scope. - Open the URL in a new browser tab or window
Paste the URL into a new browser tab. You will be asked to select a server. Choose the server you want the bot to join. Click “Authorize”. The error should no longer appear. - If the error persists, check the bot code for scope requirements
Some bot libraries require you to specify scopes in code. For example, discord.js uses theClientconstructor with anintentsarray. If your code requests a scope that is not in the URL, add that scope to the URL Generator. Common missing scopes areguildsandguilds.members.read.
If Discord Still Returns “Invalid Scope” After the Main Fix
The error appears only on mobile browsers
Mobile browsers sometimes cache old OAuth2 redirects. Clear the browser cache or use a private browsing window. Then copy the URL from the Developer Portal again and paste it into the private window.
The bot code uses a different scope than what is in the URL
Check your bot’s source code. In discord.py, the Bot constructor accepts an intents parameter. If you set intents.message_content = True, you must add the messages.read scope to the URL. If you set intents.members = True, add guilds.members.read. Update the URL Generator with the missing scope and generate a new URL.
The bot application has a different owner than the one authorizing
Only the bot application owner can authorize the bot for the first time. If you are trying to authorize a bot that you do not own, you will see an error. The scope validation still runs, but the error message may say “Invalid Scope” instead of a permission error. Make sure you are logged into the account that owns the application.
OAuth2 Scopes for Discord Bots: Common Scopes vs Privileged Scopes
| Scope | What It Does | Requires Privileged Intent? |
|---|---|---|
| bot | Allows the bot to join a server and perform basic actions | No |
| applications.commands | Allows the bot to register and use slash commands | No |
| guilds | Allows the bot to view basic guild information | No |
| guilds.members.read | Allows the bot to read member lists and join/leave events | Yes — Server Members Intent must be enabled |
| messages.read | Allows the bot to read message content | Yes — Message Content Intent must be enabled |
When you enable a privileged intent in the Bot settings, you must also add the matching scope to the OAuth2 URL. If you do not, the scope is missing and Discord returns “Invalid Scope”.
Now you can fix the “Invalid Scope” error by matching the scopes in the URL Generator to the intents enabled in the Bot settings and the scopes required by your bot code. Always generate a fresh URL from the Developer Portal instead of reusing an old one. If your bot needs both slash commands and message reading, select both applications.commands and messages.read in the scopes list. This approach prevents the error from returning.