Forum Academy Marketplace Showcase Pricing Features

Handling OAuth 2.0 Refresh Tokens

Yes, do it.

You can add this 4 versions of urls, to cover all possible cases:

@it18 OKay… will add this 4 url’s and check. Thank you for your quick reply.
So much appreciated.

Added all of 4. It amy take some time to take effect. So will try after sometime and let you know.
Once again thank you.
Also want to ask, can we choose any of the gmail account from the list ?

If you mean gmail account at the begining, before you grant access to used scopes.
You can use any account here, but you must subbmit your app to Goggle (send to review with short video, use cases and descriprion- you can add description in to video), othewise you can only use developer mode, and production mode only with aplication testers email accounts.

where does it ask for access to used scopes?
Also thank you highlighting about the submitting app to google, I need to check in detail because i haven’t looked into this. This is just the trial google dev console i’m using on my id. But while app in production there will be diff console according to company’s id. So right now i have no idea about this.

Btw even after adding 4 url’s to console, still it is giving same error "missing state from oauth provider"
How we can resolve this? Would you be interested into taking close look at the issue, so that i can share editor link?

After your error I think.

Check if your email that you want to use is here:

in Test Users section.

Yes, i can help you if you want. It would be much easier to look closer to it :stuck_out_tongue: So you can share link to your editor in Private Message or better set me as Colaborator/Editor via email [email protected]


I have messeged you editor link. Did you get chance to look at the issue?
I’m getting the same error “missing state from oauth provider”.

Hey, @pratima.dudhewar
I have look to your editor and find out that, you have bad redirect url in your (Open external website) redirect and you have page redirect on page load (Open external website) i change this action under the button click now. When i test it with bare URL link i find yout that your page was blinking for 0,1 sec and then got an error. then i find out your page stuck with redirect loop in addidtion with bad redirect url (so bubble default redirection fage cant hold this manual proces).

I hope you can continue your work now. :wink:

Now you should set “Get access token” api call on page load when you have the “code” in url.
in response you will finaly get access token and make your wished call.

I sent you link to my editor in Private message


ohhh. Yes… I was just looking at the changes you made. Thanks a lott.
Is it necessary to to perform this open external website action on button click? can’t we do it on page load?

Also thank you for sharing your editor link. Currently not able to access but will take a look.
Now this next “Get access token” Api call on page load means, on same page load action should i handle this?

you can but you must chceck in witch stage you are. For example you use your firs redirect when URL is “empty” without “code” and stop this when code is in url. Second action you can run when “code” apeard in you url, then you must redirect user somewhere else or set another state to let your paage know taht you arledy have an authorization and make sure workflow dont start evrything one more time on page load.

hey @it18
I got the API response once but then getting same errror invalid grant_type
As it got initialised once and it was in the plugins list.

But currently its not working.
Can you please look into the issue?

Google probably allow you to authenticate one time and next they want you to use existing token/ refresh this token/ or revoke token. until you revoke current token google probably think you are connected and dont allow you to get another token on the same account.
If it worked for the first time and you want to repeat this proces you must delete connection with your bubble app in your Gooogle account seciurity settings. Go to third party apps, find your app and revoke acces (just delete it). Then you could be able to try your oauth again.

hey @it18
I can see list of apps. In that one app UKStats has access. But this has to be same app name which is my bubble app? because i think this name is diff.

Thank you for the great idea! I did it with Spotify API and it works! I am able to authenticate users and save the refresh token in the DB and later run Backend workflow to get the recent history from Spotify for all Users without them being logged in.

My problem is that this way I do not login the users like I do if OAuth User Agent flow is used. Now I “Create an account for someone else” right after authentication, so the users and saved tokens are there, but if I don’t use the OAuth User Agent or Password, I can not login the users so Current User is not available.

On the flip side, when I use OAuth User Agent users are logged in, but then I can not store their Access and Refresh tokens for the Backend flow I run every 60min

Really stuck on this right now :frowning:

Hi @javor,
It is hard to say anything wothout looking at your workflow.
Can’t you chose user some other way than “current user”?
For example: Send current user as backend API workflow parametr “User” when he is logged in and then store it somewhere like like your access token, or when you repeat your workflow just use user from previous flow.

If you can’t figure it out anyway, you can send me your editor link with acces to view or edit in Private Message and i can look at it.
Anyway, where are you from? I ask becouse one of my friend have the very same nickname as you :stuck_out_tongue_winking_eye:

1 Like

Thank you will give it a try! I’m Bulgarian :slight_smile:

Look at my post here, it is simmilar problem.
I had share some screenshots here.

1 Like

So, I managed to resolve my problem above where I was not able to login the user using the manual approach.

I ended up using both Manual (None or Self-handled) and the build-in OAuth2 User-Agent Flow where first I use an API-1 with OAuth2 User-Agent Flow to create/login the user, and immediately after that I use the API-2 with None or Self-handled and redirect them to the authentication URL in my case After they are back to my custom redirect url, I grab the Access token from the URL parameter and I use it to get the Refresh token.
I save both tokens to the DB record for this user every time they login and update only the Refresh token when I collect data on their behalf from the Spotify API.

Thanks for the helpful threat it helped me alot!