Hello there and thanks in advance.
I have two doubts, actually.
What should I do after my server receives the code and exchange it for an access token? Normally, the user remains in the authorized website after an OAuth process. But on this case, I think I should redirect the user back to Hubspot. But where?
The second doubt is related to the first one. On the market for integrations, there are two kinds of installations: one that opens a new window (Google Calendar) and another that opens a new tab (Zapier). The first one seems to be the other way around: Google is the authorizer and Hubspot is the authorized. When I install Google Calendar, there must be a
window.postMessage()in order to close the new browser window. This is what I actually want, but I don't see my app as an authorizer, but rather as an authorized by Hubspot.
In either case, I cannot see how the URL responsible for initiating an installation (seen here) can be used on the market for integrations. Zapier, for example, which opens on a new tab, does not appear to use it.