How to Get Information for OAuth 2.0 Access Token & Refresh Token on localhost

oauth

#1

The question is about how to get information for an OAuth 2.0 access token and refresh token.


#2

@Umar_Jamil What issue are you running into?

A common one for localhost is that we require an encrypted callback, is your localhost encrypted?


#3

I am using “https” on localhost with a self-signed certificate. But when I run the same code in “Postman” with the refresh and access token, it returns the right JSON response, as shown in the HubSpot documentation.


#4

@Umar_Jamil What error are you receiving?


#5

@pmanca This is the error I am receiving on my localhost project. I am sending the URL as ‘https’ but it’s returning me ‘http’; this may be the cause of the error. Kindly see this.


#6

Is the access token up to date? That would happen if you didn’t request that token or if the token is expired.


#7

@pmanca Yup, it’s the latest token, I just refreshed that.


#8

@Umar_Jamil Can you log to your terminal the full error and then share that please.


#9

@pmanca Here are the Logs.

[Thu Apr 20 09:33:33.199810 2017] [:error] [pid 4880:tid 1864] [client ::1:50155] PHP Notice: Undefined index: access_token in C:\xampp\htdocs\untitled1\OAuth.php on line 94, referer: https://localhost/untitled1/OAuth.php
[Thu Apr 20 10:53:27.481551 2017] [:error] [pid 4880:tid 1872] [client ::1:52054] PHP Notice: Undefined index: access_token in C:\xampp\htdocs\untitled1\OAuth.php on line 94, referer: https://localhost/untitled1/OAuth.php
[Thu Apr 20 11:35:38.116906 2017] [:error] [pid 4880:tid 1864] [client ::1:53006] PHP Notice: Undefined index: access_token in C:\xampp\htdocs\untitled1\OAuth.php on line 94, referer: https://localhost/untitled1/OAuth.php


#10

@Umar_Jamil You need to print the error response from our servers. That should give us more information on the issue.


#11

You’re calling the HubSpot endpoint insecurely,
change http://api.hubapi.com/oauth/v1/access-tokens/CJSP5qf1KhICAQEYs-gDIIGOBii1hQIyGQAf3xBKmlwHjX7OIpuIFEavB2-qYAGQsF4
to
https://api.hubapi.com/oauth/v1/access-tokens/CJSP5qf1KhICAQEYs-gDIIGOBii1hQIyGQAf3xBKmlwHjX7OIpuIFEavB2-qYAGQsF4

Not sure if that fixes your error but couldn’t hurt

Also, did you change your access token in order to paste it here in the forum? That token doesn’t look right… I don’t think I’ve seen any with underscores instead of hyphens


#12

@Tim_Joyce In the code behind that I am sending https, but it’s returning me an http address on localhost; that is the issue. See this…

$dota = curl('https://api.hubapi.com/oauth/v1/access-tokens/'.$arrayofdata->access_token, 'GET', '');


#13

@pmanca the screenshot of the response was already pasted above. Kindly see that thread.


#14

@Umar_Jamil I’m looking for the raw response from our servers.
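What "the raw response from our servers" looks like in code, as an added example that is not part of the thread or the poster's OAuth.php: the token response is checked before `access_token` is read, so a rejected request surfaces the server's own error instead of the "Undefined index" notice. The function names and sample bodies are assumptions constructed for illustration.

```php
<?php
// Added example, not the poster's code. All sample responses are constructed.

/** Mask a token so logs and forum posts never carry a usable credential. */
function redactToken(string $token): string
{
    return strlen($token) <= 8 ? '[redacted]' : substr($token, 0, 4) . '...[redacted]';
}

/**
 * Validate a token-endpoint response before reading access_token from it.
 * $status is the HTTP status code, $body the raw response body.
 * Returns the decoded array on success; throws with the raw server reply otherwise.
 */
function parseTokenResponse(int $status, string $body): array
{
    $data = json_decode($body, true);
    if (!is_array($data)) {
        // Proxy pages, redirects and empty bodies end up here.
        throw new RuntimeException("HTTP $status, non-JSON body: " . substr($body, 0, 200));
    }
    if ($status < 200 || $status >= 300 || !isset($data['access_token'])) {
        // The server's error text, which the notice at OAuth.php line 94 hid.
        throw new RuntimeException("HTTP $status, token request rejected: " . json_encode($data));
    }
    return $data;
}

// Constructed sample inputs (placeholders, not real HubSpot responses).
$samples = [
    [200, '{"access_token":"EXAMPLE-ACCESS-TOKEN-0001","refresh_token":"EXAMPLE-REFRESH-0001","expires_in":21600}'],
    [400, '{"status":"EXAMPLE_ERROR","message":"constructed error body"}'],
    [502, '<html>Bad Gateway</html>'],
];

foreach ($samples as [$status, $body]) {
    try {
        $tokens = parseTokenResponse($status, $body);
        // Only a masked prefix of the token is ever written out.
        echo 'ok: access token ' . redactToken($tokens['access_token']) . PHP_EOL;
    } catch (RuntimeException $e) {
        echo 'failed: ' . $e->getMessage() . PHP_EOL;
    }
}
```

With cURL, the status passed in would come from `curl_getinfo($ch, CURLINFO_HTTP_CODE)` and the body from `curl_exec($ch)` with `CURLOPT_RETURNTRANSFER` enabled.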


#15

Hi Paul,

May I ask why you require https for the callback? This is unusual compared to other APIs. In fact, I have not seen any other API with such a requirement. This is not easy to handle because it requires installation of certificates for the local callback. Can you please ask your colleagues to reconsider this requirement? Regular http should suffice and it is not a large security breach because the provided authorization code has a short life.

Also I have tried using the standard ‘urn:ietf:wg:oauth:2.0:oob’ as redirect_uri but apparently your authentication process doesn’t support it.


#16

@COZYROC Having an encrypted callback is simply a more secure way of setting up the OAuth flow. We won’t be rolling back to a less secure way in the future. You can always spin up a self-signed certificate if you want to do local testing.


#17

Paul,

We are talking about desktop application authentication to HubSpot. By requiring that you create a self-signed certificate, you are asking the customers to jump through hoops. This is not user-friendly and makes access to HubSpot data much harder. I would recommend you take a look at how other companies, for example Google, have implemented their OAuth authentication to see that requiring an HTTPS callback is a very unusual requirement. I hope you reconsider.


#18

@COZYROC I’m not sure where you got Paul from but that isn’t my name.

My apologies if you consider our OAuth flow to be not user friendly. We try to take security very seriously here and will not be rolling back to a less secure way of handling our OAuth flow.


#19

Peter, Sorry! :wink:

Do you think Google doesn’t take security seriously? And it is not only Google. Microsoft and Twitter don’t require secure callbacks either. I have already stated the code returned in the callback is temporary and short-lived.

Please ask your team to reconsider for a minute. They might be wrong on this requirement.


#20

So guys, I have resolved the issue myself by making some changes; if anyone is facing that issue, they can ask me. I am getting the access token and refresh token on my localhost. I am attaching a screenshot also.

I am printing the JSON response as well for access_token and refresh_token

{"token":"d9e27999-6d8d-4268-98ca-66aecf222037","user":"testapi@hubspot.com","hub_domain":"demo.hubapi.com","scopes":["oauth","automation","contacts"],"hub_id":62515,"client_id":"95c5e2ff-4748-473f-b4f4-2d7a3aef97a9","user_id":215482,"token_type":"refresh"}
{"token":"CKC2iIS7KxICEQEYs-gDILqTDSiPxwIyGQBC-5ITaeumVoHX0Q2YpvHT-3Sl7OcP7zo","user":"testapi@hubspot.com","hub_domain":"demo.hubapi.com","scopes":["contacts","automation","oauth"],"hub_id":62515,"app_id":41871,"expires_in":21596,"user_id":215482,"token_type":"access"}