You can’t pass a bearer token but you can pass a nonce token.
If a User is already authenticated (by having an account and signed in) what is the purpose of such token?
If you need to send to bubble from the host of the iFrame, you would need to figure out how to send data from your host. But if a User interacts with your iFrame like an app itself, I don’t see a reason in sending data to Bubble, since the user is technically, actively interacting with Bubbles and your apps server.
I guess I don’t understand how/what you mean by “nonce token”. I have looked it up (Cryptographic nonce - Wikipedia), but it seems abstract–is there an applied way to refer to this?
The user is authenticated on Site A. (The site that calls the iframe.)
The Bubble app is Site B. (Displayed to user on Site A as a sub-component of a larger app.)
I would like the user to be able to securely interact with Site B (via bubble iframe) without having to re-auth.
The solution I see is: generate a bubble user token that would be stored (through API) in the Site A DB.
Then in the request add the user token. It takes into account the privacy rules that you have setup, so if the user can’t access the data, he will not be able to see it in the iFrame.
It will depend on how the DB interact between both sites
I see. That’s super easy then. Do you have capability to make api calls on site A? if so, I can help you create a bubble bearer token for the user where that’s all you’d call and interact as that user in bubble.
SSO to authenticate the Bubble user from your App DB/auth. Your app should be the SSO provider. When the iframe open, Bubble will authenticate the user with the SSO. If the user is already logged in to your site A, it will be authenticated in site B (Bubble)
You could post a message to the parent window instruct the main window to go to the google login effectively leaving the iframe and have the redirect be back to your app
You would not be using the social login feature in this case but handling the token management yourself.
Hi, could you explain a bit more? how this would work,
I am loading a iframe(containing my bubble app) on an external website. I want to authenticate users with google o auth or normal email, inside the iframe itself.
How would I do that with SSO?