OmniAuth HubSpot
An OmniAuth strategy for authenticating with the HubSpot API.
No Longer Maintained
This repository is no longer maintained. You may want to try advocately/omniauth-hubspot.
Peculiarities
HubSpot has some peculiarities in their implementation of OAuth that I've accounted for in this strategy. Be aware that the authorization process does not use OAuth2's state parameter for securing sessions. Additionally, it does not use the POST to token URL phase of OAuth; instead, the tokens we need are passed as parameters right after the initial request phase. HubSpot also authenticates with only a Client ID and a Portal ID, instead of the standard Client ID and Client Secret.
Installing
Add the gem to your Gemfile
and then bundle install
.
gem 'omniauth-hubspot'
Usage
You will need to define a custom setup phase for this strategy to work. This is because HubSpot requires a portalId
to be set, which is customer-specific and therefore cannot be simply passed as a parameter to provider. The above setup phase link should give you an idea of the different ways to do this. My setup phase code looks roughly like the following.
def setup
request.env['omniauth.strategy'].options[:portalId] = params[:hubspot][:portal_id]
render text: "Omniauth setup phase.", status: 404
end
If you are using multiple providers, you'll want to wrap an if statement around that so that you only set it when you're using HubSpot.
Then, when adding the provider to your omniauth.rb
, you will only need to specify a client_id
and a scope
. HubSpot's supported scopes are here. Note that although the documentation states to separate scopes with a +
, you will actually need to use a space, as this is escaped into a +
. Here is an example provider line:
provider :hubspot, ENV['HUBSPOT_CLIENT_ID'], setup: true, scope: "contacts-rw offline"
Be sure to specify the offline
scope if you want to get a refresh token that you can use to renew your access token.
Contributing
Fork, create a branch, and create a pull request when you're done.
License
Copyright (C) 2014 Daniel Arnold GPL v3.