What must the user do to authenticate with OAuth?
- Use a refresh token every few hours, so their app re-establishes a connection with their HubSpot account.
- Submit a temporary authorization code for the integration to access their HubSpot account.
- The user is given an access token they must use whenever they make an API call.
- None of the above. The user only has to read the first authorization screen and permit or deny the integration from accessing their HubSpot account. The rest happens in the backend.
Explanation: The correct answer, ‘None of the above. The user only has to read the first authorization screen and permit or deny the integration from accessing their HubSpot account. The rest happens in the backend,’ accurately outlines the OAuth authentication process. When authenticating with OAuth, users are presented with an authorization screen where they can review the permissions requested by the integration and decide whether to grant or deny access to their account. Once the user provides consent, the integration receives an authorization code, which it exchanges for an access token and optionally a refresh token. The access token is then used by the integration to make API calls on behalf of the user, eliminating the need for the user to manually manage tokens or submit temporary codes. This process enhances security by ensuring that users have control over which integrations can access their data and simplifies the authentication flow by abstracting token management away from the user interface, making the experience more seamless and user-friendly.