We use cookies to make HubSpot's community a better place. Cookies help to provide a more personalized experience and relevant advertising for you, and web analytics for us. To learn more, and to see a full list of cookies we use, check out our Cookie Policy (baked goods not included).

Allow cookies
Reject

APIs & Integrations

Search APIs & Integrations for solutions or ask a question
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
smondal22

‎Jan 18, 2022 1:29 AM

Member

OAuth2 callback being invoked 2 times due to captcha

Hello Team, I'm integrating Auth0 (an OAuth2 provider) with Hubspot via the OAuth2 route. However, a captcha verification in the middle of the authorization workflow is invoking the callback back to Auth0 2 times with different codes. The first callback stays pending until I have clicked on the captcha, after which the callback gets canceled and a new callback gets initialized.

Since Auth0 (or any OAuth2 provider) embeds a state parameter to ensure security, the final callback is getting rejected. Any idea/suggestions on:

A. Why is the first callback request staying in the pending state?
B. How to avoid the second callback altogether?

 

image.png

oAuth
0 Upvotes
3 Replies 3
smondal22

‎Jan 19, 2022 12:48 PM

Member

OAuth2 callback being invoked 2 times due to captcha

Hello Teun, thank you for responding. The authentication flow is being triggered from a website, yes. This is the sequence of events that are happening.
1. We send the "authorize" request to the Hubspot endpoint: 
https://app.hubspot.com/oauth/authorize?login_hint=&prompt=login&response_type=code&redirect_uri=htt...

smondal22_0-1642613796495.png

2. Next up, I choose my account and log in. However, as you can see, the first callback request has already started.

smondal22_1-1642613934517.png

3. Then the Captcha comes up, while the earlier callback request is ongoing

smondal22_2-1642614037315.png

4. Finally, when I complete the captcha, the second callback request is sent and the earlier callback has been canceled. However, since the state parameter in both the callback is the same with different authorization codes generated by Hubspot, the OAuth2 server also rejects the second callback.

 

Callback #1 (canceled after completing the captcha): https://sybill-dev.us.auth0.com/login/callback?code=2f959928-07f2-4a5b-91a2-7e98c82808e3&state=xSy1H...
Callback#2 (rejected by our server because of the earlier callback): https://sybill-dev.us.auth0.com/login/callback?code=65563eea-4918-4271-a4fe-93a85f89eb5c&state=xSy1H...

smondal22_3-1642614466302.png

 

Please let me know if there's anything else that I can provide to help you understand this error. Any help will be highly appreciated.

 

 

Teun
Key Advisor | Diamond Partner

‎Jan 19, 2022 3:16 AM

Key Advisor | Diamond Partner

OAuth2 callback being invoked 2 times due to captcha

Hi!

 

Need a bit more info here, where are you trying to implement this? Are you building some kind of web app on HubSpot with React?



Did my answer solve your issue? Help the community by marking it as the solution.
dennisedson
Community Manager

‎Jan 18, 2022 5:20 PM

Community Manager

OAuth2 callback being invoked 2 times due to captcha

@Teun , any thing strike you here?

Thanks,

Dennis




HubSpot Community Developer ShowMake sure to subscribe to our YouTube channel
where you can find the HubSpot Community Developer Show
Sunny

Sign up for the Developer Newsletter

Fresh content delivered to your inbox every month.
OAuth2 callback being invoked 2 times due to captcha
Developers
Jan 19, 2022