Authentication with expired token

JohnT · August 22, 2022, 3:24pm

How would i send the users to log in again if authentication token is invalid or expired?

williamtisdale · August 22, 2022, 7:50pm

You can just send a POST call to refresh the token if needed. The following is from the Bubble Docs:

Bubble apps can be used as an authentication provider for external services or applications, similarly to the “Log in with Facebook” feature seen in many apps and websites.

When your Bubble app is used as an OAuth provider, a GET call is made to https://[Your-App-URL]/version-test/api/1.1/oauth/authorize with the client_id and redirect_uri as parameters.
When this is successful, a parameter, “code”, is sent back in the URL, to the external service
Next, the external service must execute a POST call to https://[Your-App-URL]/version-test/api/1.1/oauth/access_token with parameters: “client_id”, “client_secret”, “redirect_uri”, and “code”. This is known as the token endpoint.
Lastly, the app will respond with “access_token”, “expires_in”, and “uid” parameters that the external site can store for the user.
The access_token is used in future calls to the Bubble app from the user within the external app (until expiry)
Refreshing the token: In the POST body, set grant_type to “refresh_code” and send the refresh token as the refresh_token received previously. You will need to include the same client_id and client_secret used when getting the token in the first place.

JohnT · August 22, 2022, 8:42pm

I have all of it set up. How would i redirect the user to the log in page if the token is expired. What workflows would i use?

I use xano as my backend and save the user’s authtoken inside the bubble database as a cookie. I tried using the “current user’s token is empty” workflow but it doesn’t work because it never become empty, it keeps the old token.

spaccesi · August 23, 2022, 12:11am

Hi @JohnT, this is just a guess, but what if when you get an authentication error from a request to xano then it removes the token from the db and take you to the login page. It could be also a good idea to store the expires_in value in the db to check if the token is expired before any request is made.

JohnT · August 23, 2022, 4:08pm

How exactly would i do this?

spaccesi · August 23, 2022, 8:11pm

Hey @JohnT, It is not easy to tell you with this little information, I am not xano expert. I need to know what information user get during authentication and what user get when trying to use a expired/invalid token.

system · October 31, 2022, 3:24pm

This topic was automatically closed after 70 days. New replies are no longer allowed.

Topic		Replies	Views
How To check to see if token still valid in bubble by using api call? Need help	7	2002	May 2, 2019
Refresh token with Client User Agent Flow APIs	1	299	November 21, 2023
How does Bubble handle the token verification/refresh process? APIs	14	1601	April 20, 2023
Getting a new Access Token using the Refresh Token APIs	9	2661	October 18, 2021
Send users to log in screen when auth is expired Need help	4	832	November 10, 2022

Authentication with expired token

Related topics