Get current user for API call

Hi all, hoping somebody can help with this issue I am having.

I am using my app to authenticate the login for another website (using 3rd Party oAuth). Everything is working as it should in terms of granting tokens, the website is getting the appropriate token from bubble but I am stuck at the final hurdle.

The website I am connecting to, as a final step it is is making a curl GET request to a backend workflow I have setup with the access token in the URL, so for example, the GET request url is

The end goal of this call is to get the current users email, pass this to the website which then grants access if the email exists. This is a standard oauth2 call which normally searches the database for the token and returns the user profile.

I am using the granted token in a subsequent api call to my database as a bearer token which is working but what I need is to get the user details that are linked to that oauth token.

Because we can’t search the database for a token which would potentially give us the user details of the token holder, does anyone know how I could get the user details linked to the oauth token?

Thanks in advance

Are you able to add the users email dynamically as a parameter in the get request potentially?

Hi Oliver, thanks for your reply.

Unfortunately I am unable to change any of the parameters in the GET call being made from the website I am linking to, they simply offer the access_token as a parameter and not even as a bearer token so I have to take the parameter and create another api request using the parameter as a bearer token. I could potentially add the email in the api call I make but because it is a backend workflow I don’t think there is a way to get the current user.

1 Like

Why not? Running a search for the user with a particular access token and returning their email if the search finds a match is a safe practice. Access tokens are unique and considered unguessable, especially due to their short lifetime.

Hi Nico, thanks for your reply. I am not saying ‘can’t’ as in we shouldn’t, I was saying we can’t because bubble doesn’t seem to have an option to do it because the tokens generated by the 3rd party oauth option are not searchable in the database from what I can see (not from a backend workflow I mean).

Can you outline the previous oauth flow steps you have set up? A GET request to the backend is not a typical oauth2 step.
It seems that in order to get this working, at some point during the flow, you’ll have to save the access token token to the database.

1 Like


So I have the 3rd party oauth setup…


The website that uses my app as an identity manager does the oauth dance with bubble using the details in the image and receives the below information (example data)…

“access_token”: “st_w9y12893y812y389y123y”,
“refresh_token”: “st_7d0034234324432f1ced979c1ff67501b1a1”,
“expires_in”: 86400,
“token_type”: “Bearer”,
“uid”: “1704719698099x797545826310022434”

The website then makes a backend workflow call but only has the access_token as a parameter, not as a bearer token, so it calls my backend with the following url as an example

I cannot change this call so I have to somehow search my database for the user that owns the token in the parameter.

The oauth documentation refers to GETUSERINFO as a typical step in the oauth process Authentication API Explorer but this is not possible in bubble with the 3rd party oauth setup, this would need to have a custom setup that has the token in the database where it is searchable.

Unfortunately I cannot save the token in the database as I do not have access to it in a workflow (technically I can save it in the database when the GET call is made back to my app but it doesn’t have the user id with it so I can’t save it to a user).

Hey Craig,

Got swamped with work, just to check, in the log do the calls coming in with that Oauth token display as actions taken by that user by chance? or is it just admin / blank?

If the default Oauth option within bubble doesnt work for your purposes I think you would need to just build the Oauth from scratch in bubble, meaning create your own backend workflows which will allow a token endpoint etc and to store that against a user. Lots of privacy rules to consider, bit of a pain, but if thats the only way through it then yep :slight_smile:

This topic was automatically closed after 70 days. New replies are no longer allowed.