La fonction de suggestion automatique permet d'affiner rapidement votre recherche en suggérant des correspondances possibles au fur et à mesure de la frappe.
Authenticate user on 3rd party website w/o App Marketplace Access permission
I am trying to let people log in to my 3rd party website using their Hubspot account. It seems like the user has to have the "App Marketplace Access" permission if I set it up using an integration app though. I'm concerned that the standard user will not have this permission.
Is there another way to approach this?
I also have to integrate data but expect to only do that with a designated "integration" account. This account will likely have the "App Marketplace Access" so I'm not as concerned about this.
Authenticate user on 3rd party website w/o App Marketplace Access permission
Hello Dennis,
I apologise for the late reply, but I think I have a better grasp on the situation now.
You're right. I do not believe that the App Marketplace Access permission is required for the average user to use our app since they're not installing it from the marketplace. I was getting confused by this article's solution a "couldn't complete the connection" error. I can confirm that giving the user the App Marketplace Access permission does not fix the issue.
Unfortunately, I am still running into an issue once I add specific scopes to our application. For this example, I would like to add the following scopes:
Once I add the crm.lists.read scope to the list, the standard user will get a "couldn't complete the connection" error when trying to log into our application. This error is given regardless of if a Super Admin has already connected the app to the HubSpot account.
This strikes me as strange because it seems like HubSpot is trying to connect the app to the account every time anyone tries to generate an access token using the app. Do you know if this is correct?
The only option I can think of so far is having two separate apps, one for authentication and one for data integration. The former will have minimal scopes and is only used when a user is trying to log into our application. The latter has the full set of scopes and will only be used when an administrator tries to integrate data.
Is it possible for the standard user to not have to reconnect the app to their HubSpot account every time they generate an access token? It's already been given access permissions by an administrator, I do not see why it has to be given permissions again by the standard user.
Authenticate user on 3rd party website w/o App Marketplace Access permission
Hello Dennis,
Thank you for reaching out. I apologise for the late reply.
I think I can rephrase the question better. Can you let me know if these details are still unclear?
Can we use OAuth to sign Hubspot users into our 3rd party website when they do not have the "App Marketplace Access" permission in their Hubspot account?
Currently, we have a Hubspot app with an id and secret and use these to open the Hubspot login from our website. It returns the code back to our website once the Hubspot user has successfully logged in, and that code is used to generate access and refresh tokens. Unfortunately, the user requires the "App Marketplace Access" permission regardless of if the app has already been installed on the Hubspot account.