Problem/Motivation

The HubSpot module allows users to specify custom OAuth scopes in the admin settings (hubspot_scope). However, these configured scopes are currently ignored when generating the authorization URL. Instead, the module always uses a hardcoded set of default scopes (oauth and forms), which prevents developers from requesting additional permissions required for their specific HubSpot application integration.

Steps to reproduce

  1. Install and configure the HubSpot module.
  2. Navigate to /admin/config/services/hubspot.
  3. Enter custom scopes in the "HubSpot Scope" field (e.g., contacts content).
  4. Click "Connect HubSpot Account".
  5. Observe that the redirected HubSpot authorization page only requests the default scopes (forms and oauth), ignoring the custom scopes entered in the configuration.

Proposed resolution

Update Hubspot::getAuthorizationUrl() to retrieve the hubspot_scope configuration. If custom scopes are provided, they should be exploded into an array and used for the authorization URL. If the configuration is empty, the module should fall back to the existing HUBSPOT_OAUTH2_SCOPES constant.

Remaining tasks

  • Review the patch.
  • Verify that custom scopes are correctly passed to HubSpot during the OAuth handshake.
  • Confirm that the default scopes are still used when no custom scopes are defined.

User interface changes

None. The "HubSpot Scope" field already exists in the admin settings but was previously non-functional.

API changes

None.

Data model changes

None.

Issue fork hubspot-3587900

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

jeroent created an issue. See original summary.

jeroent opened merge request !24

jeroent’s picture

jeroent
Primary language Dutch
Location 🇧🇪
commented
Status: Active » Needs review