3rd Party Oauth Access

Hi all.

I would like to use my bubble app to authenticate a login via Oauth2 and if user exists then they automatically login to an external website. I have setup the 3rd Party Oauth Access in settings, the token requests are being sent and confirmed by bubble and bubble is replying with the access_token, refresh_token, epiry date, and uid (which is user id).

The problem I have is the website I am trying to login with expects an email address to match an email address they have.

Does anybody know how I can return the email with the initial oauth request as well as the uid OR use the uid and the access_token in an api request to get the logged in user email?

Thanks in advance

The end game of the user agent process is for Bubble to provide you with the access token, expires in, and uid. This you have as per your post.

Create another endpoint where you run a search for that user’s email by using the user uid. Add the action that returns this information as text. Just set the endpoint as public, require authentication and set privacy rules accordingly. Authenticate as Bearer token using the access token of course. :smiley:

Thank you for your reply, much appreciated. I presume I must create a backend workflow to do the search and make it public?

Public at your own risk :wink:

Oh I meant that I I need to share the url, wrong choice of words :laughing:

So I have started to make a backend workflow but I am unsure of how to search the database from the workflow, do you have any guidance please?

Set a text parameter called uid in the endpoint and use it to search for user with unique id = uid first item

Perfect, thank you. Its the ‘return data from api’ part I missed :weary:

I will try it out now. Thanks again for your help

1 Like

So I have done testing in postman and it is working!!! I will set it up correctly tomorrow and will let you know how I get on.

Thanks again. You are a lifesaver.

1 Like

Hi, thank you for your help previously. So it seems the website I am integrating with sends a GET request with the access_token and not the UID. Do you know if it is possible to search for a user with the access _token that is granted instead of the UID?

Thanks in advance

Two ways:

  • Have the token be the API key
  • Set the user being granted an access token be an app admin user with full privacy rules capabilities to search for other users.

Think through the security implications if each

Thank you for your reply.

This is all automated so I don’t think either of those would work. So my current flow is as follows.

  1. Partner app makes an Oauth call to my app via the 3rd party Oauth setup in bubble.
  2. My app returns with an access_token and a UID.
  3. Partner app uses the access_token in a GET request to my app to search for a user that is associated with the access_token and then expects a return of email in JSON format.

I have no way of changing the partner GET request.

Bubble’s oAuth is providing the UID of the Bubble user whose token is returning.

With both of those you can set up a Bubble endpoint that returns JSON and also email it.

This topic was automatically closed after 70 days. New replies are no longer allowed.