So still not entirely sure of all issues (one was Brave browser related, doubtless others were idiot user [me] related) - also had set up using an older video link.
But in relation to the password question I raised earlier, Ron put me on to a much more secure login workflow:
Assign Temp Password to user matching SSO Profile Email (does nothing if no match)
Sign up (if … count is 0) using result of step 1 as password
Log user in using result of step 1 as password
Hey @pathfix once the user is logged in I cannot navigate to home page (or any event in workflow). It does not go to home page like in your tutorial. Thanks
Hey @daniellemclean you would need to add a step in the workflow to navigate to a different page. Let’s get this going together, ping us on our live chat support (via your Pathfix dashboard) and we can walk you through the setup
I’m following this guide to setup the conditional logic for if accounts exist. The issue however is that I need to enable the ‘Search for Users’ condition to logged out users. This exposes all the email addresses in my database to logged out users if it’s possible to find them in searches. This looks to be a pretty major security flaw. Can you clarify?
Hi @messly not sure this is a security flaw, could you explain further on a scenario in which the user data in question can be accessed by anonymous user without you providing some access through the user interface or workflow API?
I think the Bubble feature is possibly not a security feature but a pre-query to simplify building your app.
You can also reach out to us via email and live chat support through your Pathfix dashboard
‘Find in searches’ exposes the user ids publicly. They’re obviously not visible directly on the page but it’s possible to access this data if you know what you’re doing which is a secruity risk. I’ve raised it with Bubble too.
Hi @Pathfix, I see that the plugin is free for up to 500 logins per month, but I can’t find the pricing for beyond that.
Could you please share a link with pricing information?
Thanks!
We already use Pathfix for OAuth 2.0 on the backend and now that we’re implementing SSO my assumption was that we would also use them for that.
The problem though is that their SSO solution works doesn’t allow for a traditional login route alongside some 3rd party option - it has to be one or the other which just doesn’t work for us.
Bubble’s own Social Login facility does allow for this so I’m left wondering why people needed an identity oauth alternative in the first place - i.e. What issues am I not understanding with Bubble’s own Social Login specifically for client-side session authentication that has led people to going down the Pathfix route? @NigelG do you have a quick 2 pence on it?
@Pathfix
I’ve set up everything right to the documentation https://www.youtube.com/watch?v=MESdU9GKv2U however in my Native App component does not work. In debug mode it’s visible that element exists, but component is not visible.
Also Pathfix account has been created and account for API added.
Do you have any idea what can be the reason and what could be the solution to fix it?
Please see the picture below:
It could be a small configuration error, we could take a look at your setup together. Could you ping us on our live chat support or email us at support@pathfix.com?
Almost everything works. However, after I logout and redirected back to page with “Sign Up” the SSO UI component doesn’t render at all. If I’ll go from scratch in Incognito mode it works again until I’ll try to Log Out.
Hi @nickkimel the SSO Profile log out doesnt seem to be setup correctly. We could take a look at this together. Could you ping us on our live chat or via email so we can go through this together?
