Hubstaff API V2 CLI — OAuth + DPoP Client
Liliyan Dunev
Hubstaff API V2 requires a non-trivial OAuth 2.0 / OpenID Connect dance: the Personal Access Token issued by their UI is actually a 90-day refresh token, not a Bearer credential. Passing it directly returns 401 invalid_token. This CLI implements the correct flow: exchanges the refresh token for a 24-hour access token via the OAuth token endpoint, caches both under ~/.config/hubstaff/ with restrictive permissions, transparently re-authenticates when the access token expires, and supports DPoP token binding. Built in pure Bash + curl + jq for portability across Termux, Linux, and macOS. Subcommands cover the most-used endpoints: users/me, organizations, projects, tasks, time-entries.
Like this project
Posted May 13, 2026
Bash CLI for Hubstaff REST API V2 with two-step OAuth flow: exchanges 90-day refresh tokens for 24-hour access tokens automatically. Handles DPoP-bound credentials, refresh-token rotation, and clean error recovery. Subcommands: me, organizations, projects, tasks, time-entries.
