Does using "access_token" as a query parameter logs out a user?

Disclaimer: I don’t have workflow screenshots.

I kept getting logged out of my app and I was wondering what’s the issue. And after a lot of trial and error this is what I observed. Someone, please correct me if I’m wrong.

I noticed this behavior while experimenting with my app. For whatever reason, I wanted to pass access_token to the next page’s URL as a query param along with other keys and value.

I noticed, the moment I landed on this page, bubble would log me out of the application. At first it was very weird and I was literally pulling my hair out. After a great deal of attempts, I decided to change the “access_token” key in my URL to “code”.

After this change, Bubble stopped logging me out and my session was intact.

Is this expected behaviour? If yes, more people should know about it.

Can you explain more the process you are using for authentication? For me it’s doesn’t seem very secure to pass access_token with url (even if you are using it as code now).

I’m using oAuth2.0 - from a social platform to get a user’s access token.
I agree, it’s not secure at all. I’m just playing around with Bubble.

I decided to do that because of an issue I’m facing with the order of operations in Bubble workflows (long story - this is to prevent users from authenticating duplicate social media profiles)