Hi all, hoping somebody can help with this issue I am having.
I am using my app to authenticate the login for another website (using 3rd Party oAuth). Everything is working as it should in terms of granting tokens, the website is getting the appropriate token from bubble but I am stuck at the final hurdle.
The end goal of this call is to get the current users email, pass this to the website which then grants access if the email exists. This is a standard oauth2 call which normally searches the database for the token and returns the user profile.
I am using the granted token in a subsequent api call to my database as a bearer token which is working but what I need is to get the user details that are linked to that oauth token.
Because we can't search the database for a token which would potentially give us the user details of the token holder, does anyone know how I could get the user details linked to the oauth token?
Unfortunately I am unable to change any of the parameters in the GET call being made from the website I am linking to, they simply offer the access_token as a parameter and not even as a bearer token so I have to take the parameter and create another api request using the parameter as a bearer token. I could potentially add the email in the api call I make but because it is a backend workflow I don't think there is a way to get the current user.
Why not? Running a search for the user with a particular access token and returning their email if the search finds a match is a safe practice. Access tokens are unique and considered unguessable, especially due to their short lifetime.
Hi Nico, thanks for your reply. I am not saying "can't" as in we shouldn't, I was saying we can't because bubble doesn't seem to have an option to do it because the tokens generated by the 3rd party oauth option are not searchable in the database from what I can see (not from a backend workflow I mean).
Can you outline the previous oauth flow steps you have set up? A GET request to the backend is not a typical oauth2 step.
It seems that in order to get this working, at some point during the flow, you'll have to save the access token to the database.
The website that uses my app as an identity manager does the oauth dance with bubble using the details in the image and receives the below information (example data)…
I cannot change this call so I have to somehow search my database for the user that owns the token in the parameter.
The oauth documentation refers to GETUSERINFO as a typical step in the oauth process Authentication API Explorer but this is not possible in bubble with the 3rd party oauth setup, this would need to have a custom setup that has the token in the database where it is searchable.
Unfortunately I cannot save the token in the database as I do not have access to it in a workflow (technically I can save it in the database when the GET call is made back to my app but it doesn't have the user id with it so I can't save it to a user).
Got swamped with work, just to check, in the log do the calls coming in with that Oauth token display as actions taken by that user by chance? Or is it just admin / blank?
If the default Oauth option within bubble doesn't work for your purposes I think you would need to just build the Oauth from scratch in bubble, meaning create your own backend workflows which will allow a token endpoint etc and to store that against a user. Lots of privacy rules to consider, bit of a pain, but if that's the only way through it then yep.
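The custom approach discussed in this thread (a token endpoint that stores each token against a user, plus a userinfo lookup that accepts the token as an `access_token` query parameter), sketched in Python as an added example that is not code from any poster and not Bubble's implementation. The function names, the in-memory store, the one-hour lifetime and the sample email are all assumptions made for illustration.

```python
import hashlib
import secrets
import time
from urllib.parse import parse_qs

TOKEN_TTL_SECONDS = 3600  # assumed lifetime, not a value from the thread
_tokens = {}  # sha256(token) hex -> (user_email, expires_at); stands in for the database


def _digest(token):
    # Store only a hash so a leaked table does not expose usable tokens.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_token(user_email, now=None):
    """Token endpoint side: mint a random token and bind it to the user."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    _tokens[_digest(token)] = (user_email, now + TOKEN_TTL_SECONDS)
    return token


def extract_token(query_string, headers):
    """Accept 'Authorization: Bearer ...' or the access_token query parameter."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Bearer "):
        return auth[len("Bearer "):].strip()
    values = parse_qs(query_string).get("access_token", [])
    # Reject a missing or repeated parameter instead of guessing which to use.
    return values[0] if len(values) == 1 else None


def userinfo(query_string, headers, now=None):
    """Userinfo side: resolve the token to its owner, or refuse."""
    now = time.time() if now is None else now
    token = extract_token(query_string, headers)
    record = _tokens.get(_digest(token)) if token else None
    if record is None or now >= record[1]:
        # Same response for unknown and expired tokens.
        return 401, {"error": "invalid_token"}
    return 200, {"email": record[0]}
```

Tokens passed in a query string tend to end up in server and proxy logs, so a short lifetime matters more here than it does for header-only bearer tokens.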