Authentication with expired token

How would i send the users to log in again if authentication token is invalid or expired?

You can just send a POST call to refresh the token if needed. The following is from the Bubble Docs:

Bubble apps can be used as an authentication provider for external services or applications, similarly to the “Log in with Facebook” feature seen in many apps and websites.

  • When your Bubble app is used as an OAuth provider, a GET call is made to https://[Your-App-URL]/version-test/api/1.1/oauth/authorize with the client_id and redirect_uri as parameters.

  • When this is successful, a parameter, “code”, is sent back in the URL, to the external service

  • Next, the external service must execute a POST call to https://[Your-App-URL]/version-test/api/1.1/oauth/access_token with parameters: “client_id”, “client_secret”, “redirect_uri”, and “code”. This is known as the token endpoint.

  • Lastly, the app will respond with “access_token”, “expires_in”, and “uid” parameters that the external site can store for the user.

  • The access_token is used in future calls to the Bubble app from the user within the external app (until expiry)

  • Refreshing the token: In the POST body, set grant_type to “refresh_code” and send the refresh token as the refresh_token received previously. You will need to include the same client_id and client_secret used when getting the token in the first place.

1 Like

I have all of it set up. How would i redirect the user to the log in page if the token is expired. What workflows would i use?

I use xano as my backend and save the user’s authtoken inside the bubble database as a cookie. I tried using the “current user’s token is empty” workflow but it doesn’t work because it never become empty, it keeps the old token.

Hi @JohnT, this is just a guess, but what if when you get an authentication error from a request to xano then it removes the token from the db and take you to the login page. It could be also a good idea to store the expires_in value in the db to check if the token is expired before any request is made.


How exactly would i do this?

Hey @JohnT, It is not easy to tell you with this little information, I am not xano expert. I need to know what information user get during authentication and what user get when trying to use a expired/invalid token.

This topic was automatically closed after 70 days. New replies are no longer allowed.