Bubble App as OAuth2 Provider

Hi - I have an app that runs on Bubble. The app will have “remote clients” (remote programs running on other platforms) that will need to connect back to the Bubble app, primarily using the Data API. I got the entire process working using an admin API key, and then I turned to how to secure it and realized that I may have an issue.

For security, I need to be able to limit the records that each remote client can access via the API using privacy rules. That means that I have to have a user token. I have tried a variety of OAuth2 ideas but they all seem to focus on integrating other platforms’ logins within Bubble. I was thinking that I’d use Bubble like an OAuth2 provider for my client apps but I haven’t found how to do that yet.

Does anyone have suggestions on whether this is doable? More generally, is there a workflow where Bubble can be used as the data API and security / privacy rules are applied - machine to machine regular data exchange?

Thank You!
Clay

Bubble doesn’t have a real OAuth process but has a way to do what you need.

Create Sign up/Login API workflows. This is useful for building an alternative front-end to the Bubble app, such as a native app that you developed. When an API workflow contains a sign up or login action, then a user ID, token, and expiration, expressed in seconds, are returned with the response of the call. Subsequent calls to the app’s API, with a header Authorization: Bearer API_TOKEN, run all calls and workflows in the context of the user associated with the token. This user will be the ‘Current user,’ who you can access with actions. Privacy rules will apply to this user as they would if the user was logging in to the Bubble app and using it in their own browser. This token should be kept safe.

I thought about these but I had ruled it out. Rethinking this, I am reconsidering how to handle user / password and that may solve the issue. Appreciate the quick reply.

Yes, you need to use user and password for this authentication process. The user submits their user and password, and this will return a Bearer token that you can use in other calls.
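
An added example (not part of the original posts and not Bubble's own code) of the remote-client side of the flow described in the replies above: log in through an API workflow, cache the returned token until shortly before it expires, and send it as a Bearer header on Data API calls. The app URL, the workflow name "login", its "email"/"password" parameters and the layout of the JSON response are assumptions.

```python
import json, time, urllib.request

def http_json(method, url, body=None, headers=None):
    """Default transport: one HTTPS JSON request (urllib verifies TLS certificates by default)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method,
                                 headers={"Content-Type": "application/json", **(headers or {})})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class BubbleClient:
    """Machine-to-machine client that acts as one Bubble user, so privacy rules apply."""
    def __init__(self, base_url, email, password, transport=http_json, clock=time.time):
        if not base_url.startswith("https://"):
            raise ValueError("refusing to send credentials over a non-HTTPS URL")
        self.base, self._email, self._password = base_url.rstrip("/"), email, password
        self._send, self._clock = transport, clock
        self._token, self._expires_at = None, 0.0

    def _login(self):
        # "login" is a hypothetical API workflow containing a login action.
        # Assumed response layout: {"response": {"user_id", "token", "expires"}}.
        r = self._send("POST", f"{self.base}/wf/login",
                       {"email": self._email, "password": self._password})["response"]
        self._token = r["token"]
        self._expires_at = self._clock() + float(r["expires"])  # expiration is in seconds

    def auth_header(self, skew=60):
        # Log in again shortly before expiry so no call goes out with a stale token.
        if self._token is None or self._clock() >= self._expires_at - skew:
            self._login()
        return {"Authorization": f"Bearer {self._token}"}

    def get_things(self, data_type):
        # Data API read, executed in the context of the user tied to the token.
        return self._send("GET", f"{self.base}/obj/{data_type}", None, self.auth_header())

    def __repr__(self):  # keep the password and token out of logs and tracebacks
        return f"BubbleClient(base={self.base!r}, email={self._email!r})"
```

Giving each remote client its own Bubble user, rather than sharing one account or the admin API key, is what lets privacy rules separate their records.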