APIs & Integrations

Umar_Jamil
Member

How to Get Information for OAuth 2.0 Access Token & Refresh Token on localhost

Question is about How to Get Information for OAuth 2.0 Access Token & Refresh Token?

0 Upvotes
21 Replies 21
gotmike
Top Contributor

How to Get Information for OAuth 2.0 Access Token & Refresh Token on localhost

perhaps hubspot can provide a best-practice on how to accomplish this from a desktop app that integrates with hubspot and uses oauth…

0 Upvotes
gotmike
Top Contributor

How to Get Information for OAuth 2.0 Access Token & Refresh Token on localhost

@pmanca – we are also having this issue on desktop applications.

yes, you can get an SSL cert easily, but it takes a lot of jumping through hoops on the user side of things to install the certificate on a local computer.

and i don’t think you should consider it “rolling back” security b/c the obvious alternative is just to send people to grab their API key, but i’m sure your engineers would say that’s less ideal than using OAuth.

a good workaround would be to allow http instead of https only for localhost.

@Umar_Jamil – care to post your solution here?

0 Upvotes
Umar_Jamil
Member

How to Get Information for OAuth 2.0 Access Token & Refresh Token on localhost

So Guys i have resolved the issue my self by doing some changes, if any one facing that issue can ask me. I am getting access token and refresh token on my Localhost. I am attaching screen shot also.

I am printing the JSON Response As well for access_token and refresh_token

{“token”:“d9e27999-6d8d-4268-98ca-66aecf222037”,“user”:“testapi@hubspot.com”,“hub_domain”:“demo.hubapi.com”,“scopes”:[“oauth”,“automation”,“contacts”],“hub_id”:62515,“client_id”:“95c5e2ff-4748-473f-b4f4-2d7a3aef97a9”,“user_id”:215482,“token_type”:“refresh”}
{“token”:“CKC2iIS7KxICEQEYs-gDILqTDSiPxwIyGQBC-5ITaeumVoHX0Q2YpvHT-3Sl7OcP7zo”,“user”:“testapi@hubspot.com”,“hub_domain”:“demo.hubapi.com”,“scopes”:[“contacts”,“automation”,“oauth”],“hub_id”:62515,“app_id”:41871,“expires_in”:21596,“user_id”:215482,“token_type”:“access”}

0 Upvotes
tjoyce
Recognized Expert | Elite Partner
Recognized Expert | Elite Partner

How to Get Information for OAuth 2.0 Access Token & Refresh Token on localhost

You’re calling the hubspot endpoint unsecurely,
change http://api.hubapi.com/oauth/v1/access-tokens/CJSP5qf1KhICAQEYs-gDIIGOBii1hQIyGQAf3xBKmlwHjX7OIpuIFEavB2-qYAGQsF4
to
https://api.hubapi.com/oauth/v1/access-tokens/CJSP5qf1KhICAQEYs-gDIIGOBii1hQIyGQAf3xBKmlwHjX7OIpuIFEavB2-qYAGQsF4

Not sure if that fixes your error but couldn’t hurt

Also, did you change your access token in order to paste it here in the forum? That token doesn’t look right… I don’t think I’ve seen any with underscores instead of hyphens

0 Upvotes
Umar_Jamil
Member

How to Get Information for OAuth 2.0 Access Token & Refresh Token on localhost

@Tim_Joyce in the code behind that i am sending https but its returning me http address on localhost that is the issue. See this…

$dota = curl(‘https://api.hubapi.com/oauth/v1/access-tokens/’.$arrayofdata->access_token, ‘GET’, ‘’);

0 Upvotes
Umar_Jamil
Member

How to Get Information for OAuth 2.0 Access Token & Refresh Token on localhost

@pmanca Here are the Logs.

[Thu Apr 20 09:33:33.199810 2017] [:error] [pid 4880:tid 1864] [client ::1:50155] PHP Notice: Undefined index: access_token in C:\xampp\htdocs\untitled1\OAuth.php on line 94, referer: https://localhost/untitled1/OAuth.php
[Thu Apr 20 10:53:27.481551 2017] [:error] [pid 4880:tid 1872] [client ::1:52054] PHP Notice: Undefined index: access_token in C:\xampp\htdocs\untitled1\OAuth.php on line 94, referer: https://localhost/untitled1/OAuth.php
[Thu Apr 20 11:35:38.116906 2017] [:error] [pid 4880:tid 1864] [client ::1:53006] PHP Notice: Undefined index: access_token in C:\xampp\htdocs\untitled1\OAuth.php on line 94, referer: https://localhost/untitled1/OAuth.php

0 Upvotes
3PETE
HubSpot Employee
HubSpot Employee

How to Get Information for OAuth 2.0 Access Token & Refresh Token on localhost

@Umar_Jamil You need to print the error response from our servers. That should give us more information on the issue.

0 Upvotes
Umar_Jamil
Member

How to Get Information for OAuth 2.0 Access Token & Refresh Token on localhost

@pmanca the screenshot of the response was already pasted above. Kindly see that thread.

0 Upvotes
3PETE
HubSpot Employee
HubSpot Employee

How to Get Information for OAuth 2.0 Access Token & Refresh Token on localhost

@Umar_Jamil I’m looking for the raw response from our servers.

0 Upvotes
3PETE
HubSpot Employee
HubSpot Employee

How to Get Information for OAuth 2.0 Access Token & Refresh Token on localhost

@Umar_Jamil What issue are you running into?

A common one for localhost is that we require an encrypted callback, is your localhost encrypted?

0 Upvotes
COZYROC
Member

How to Get Information for OAuth 2.0 Access Token & Refresh Token on localhost

Hi Paul,

May I ask why do you require https for the callback? This is unusual compared to other APIs. In fact I have not seen any other API with such requirement. This is not easy to handle because it requires installation of certificates for the local callback. Can you please ask your colleagues to reconsider this requirement? Regular http should suffice and it is not large security breach because the provided authorization code has short life.

Also I have tried using the standard ‘urn:ietf:wg:oauth:2.0:oob’ as redirect_uri but apparently your authentication process doesn’t support it.

0 Upvotes
3PETE
HubSpot Employee
HubSpot Employee

How to Get Information for OAuth 2.0 Access Token & Refresh Token on localhost

@COZYROC Having an encrypted call back is simply a more secure way of setting of the OAuth flow. We won’t be rolling back to a less secure way in the future. You can always spin up a self-signed certificate if you want to do local testing.

0 Upvotes
COZYROC
Member

How to Get Information for OAuth 2.0 Access Token & Refresh Token on localhost

Paul,

We are talking about Desktop application authentication to Hubspot. By requiring you create self-signed certificate you are asking the customers to jump thru hoops. This is not user-friendly and makes access to Hubspot data much harder. I would recommend you take a look how other companies like for example Google have implemented their OAuth authentication to see requiring HTTPS callback is very unusual requirement. I hope you reconsider.

0 Upvotes
3PETE
HubSpot Employee
HubSpot Employee

How to Get Information for OAuth 2.0 Access Token & Refresh Token on localhost

@COZYROC I’m not sure where you got Paul from but that isn’t my name.

My apologies if you consider our OAuth flow to be not user friendly. We try and take security very serious here and will not be rolling back to a less secure way of handling our OAuth flow.

0 Upvotes
COZYROC
Member

How to Get Information for OAuth 2.0 Access Token & Refresh Token on localhost

Peter, Sorry! :wink:

Do you think Google doesn’t take security seriously? And it is not only Google. Microsoft, Twitter doesn’t require secure callbacks either. I have already stated the code returned in the callback is temporary and short-lived.

Please ask your team to reconsider for a minute. They might be wrong on this requirement.

0 Upvotes
Umar_Jamil
Member

How to Get Information for OAuth 2.0 Access Token & Refresh Token on localhost

I am using “https” on localhost with self signed certificate. But when i run my same code on “Postman” with refresh and access token its returning me a right JSON response as shown in the Hubspot documentation.

0 Upvotes
3PETE
HubSpot Employee
HubSpot Employee

How to Get Information for OAuth 2.0 Access Token & Refresh Token on localhost

@Umar_Jamil What error are you receiving?

0 Upvotes
Umar_Jamil
Member

How to Get Information for OAuth 2.0 Access Token & Refresh Token on localhost

@pmanca This is the error I am receiving on my localhost project. I am sending url as ‘https’ but its returning me ‘http’ this is may be the cause of error kindly see this.

0 Upvotes
3PETE
HubSpot Employee
HubSpot Employee

How to Get Information for OAuth 2.0 Access Token & Refresh Token on localhost

Is the access token up to date? That would happen if you didn’t request that token or if the token is expired.

0 Upvotes
Umar_Jamil
Member

How to Get Information for OAuth 2.0 Access Token & Refresh Token on localhost

@pmanca Yup its the latest token i just refresh that.

0 Upvotes