APIs & Integrations

airbyte
Member

OAuth bug: Scopes are Null if user was not logged in before the authentication

Hi,

 

We've encountered a bug during the authentcation process:

After clicking on authenticate button we can see the correct oauth redirect url to hubspot authorization page:

https://app.hubspot.com/oauth/authorize?client_id=airbyte_client_id&redirect_uri=https%3A%2F%2Fcloud.airbyte.com%2Fauth_flow&state=DHO0YV8&scopes=crm.schemas.contacts.read%2Bcrm.objects.contacts.read&optional_scopes=content+automation+e-commerce+files+files.ui_hidden.read+forms+forms-uploaded-files+sales-email-read+tickets+crm.lists.read+crm.objects.companies.read+crm.objects.custom.read+crm.objects.deals.read+crm.objects.feedback_submissions.read+crm.objects.goals.read+crm.objects.owners.read+crm.schemas.companies.read+crm.schemas.custom.read+crm.schemas.deals.read

As can be seen, all 'scopes' are provided correctly, including both standard and optional ones.
But, then Hubspot makes a redirect to login page with NULL scopes and no optional_scopes at all.

https://app.hubspot.com/oauth-bridge?client_id=airbyte_client_id&redirect_uri=https%3A%2F%2Fcloud.airbyte.com%2Fauth_flow&scope=null&state=Ym1llta

This eventually leads to the error mentioned below:

Couldn’t complete the connection An invalid scope name was provided. Please contact the app developer.

However, if the user is already logged into HubSpot, the authentication process works as expected (refer to the 'scopes' and 'optional_scopes' in the URL).

0 Upvotes
1 Reply 1
Jaycee_Lewis
Community Manager
Community Manager

OAuth bug: Scopes are Null if user was not logged in before the authentication

Hi, @airbyte 👋 It appears that the behavior you're encountering is part of the expected behaviour of the OAuth process.

HubSpot requires users to be logged in before they can authorize an app to ensure that the correct account is granting permission and that the user is entitled to those scopes.

 

This isn't so much a bug as it is a security measure. It's recommended to ensure that users are logged into their HubSpot account before starting the OAuth authentication process.

 

Best,

Jaycee

linkedin

Jaycee Lewis

Developer Community Manager

Community | HubSpot

0 Upvotes