Handling Non-Standard OAuth2 API Response Key in Bubble

julia.komkowski · 2024-08-05T15:38:12.658Z

Hi there,

I’m using the OAuth2 Password Flow authentication in a Bubble plugin to interact with an external API.

Problem: The API returns the access_token under the key access instead of the standard access_token. It looks like the API connector expects the standard access_token key to automatically handle the token for subsequent API calls.

How can I configure it to recognize and use the access key in the API response as the access_token? Is there a way to adjust the key or work around this issue?

Jici · 2024-08-05T15:45:28.776Z

Hi, do you have link to API doc?

You may need to select none/self-handled for auth and create a call instead to fetch the access_token endpoint and add the Authorization call to each other api call dynamically.

julia.komkowski · 2024-08-05T15:57:19.424Z

Here’s the link to the API doc: Get Token Pair.

If I handle the authentication myself, can i somehow directly use the response of one API call (specifically the access token) as input for subsequent API calls?

I intend to build a plugin and would like to have authentication completely handled within the plugin itself to make the use as easy as possible

Jici · 2024-08-05T16:17:54.325Z

Not really.
The process will be, if you set the token as “data” and want to “create a job” action

Create job will have header “Authorization” and you will set in value Bearer Get data from API Connector “Get token endpoint”

If you set it as "action,

Action: “Get token endpoint” > Create a job, set header “Authorization” with value to Bearer result of step1 access token

However, for this kind of API, a plugin is a bad idea because you will need to set the fields for password and username as “public” and this will be less secure if you use API Call. Could be solved using a server side action to ge the token…)

Try to reach the API provider support and ask them maybe to follow standard oauth2 password flow or to add a new auth option (in this case, creating an access token that never expire in API UI in account and use it directly in Authorization header instead of fetching one using password and username).

julia.komkowski · 2024-08-05T16:24:42.876Z

Alright, will do. Thanks a lot for your support