How To check to see if token still valid in bubble by using api call?


Is it possible to check and see if a token is still valid in bubble by using api call?

Hey @JustinC, this is kind of a vague question, but I’m going to assume you’re connecting to an OAuth 2 type API that’s issuing you a token?

When it does that, it should be sending you TWO tokens: The auth token and a refresh token. It should also be sending you the token expiry time (typically in ms, but any number of things are possible).

When you store this info, it should be stored as an at least 3-fielded thing and you save all of them. Transmute the expiry time into a bubble date (like set field “Expiry Date” to current date time+seconds expiry-time-in-seconds).

When you go to make a call to the API, if Current Date Time is < The-token-thing’s Expiry Date, you can safely make the desired call with the auth token.

If not, you call the API’s refresh token call (sending the value of The-token-thing’s Refresh Token). The external API will spit back a new trio of info (auth token, refresh token, expiry time). Make changes to the existing token-thing.

So in a workflow this kinda looks like:

Step 1: Call refresh token (only when curr d/t > token-thing’s Expiry Date)

Step 2: Make changes to the token-thing (only when Step 1 result not empty)

Step 3; make desired API Call

1 Like

Its actually a mobile app and i am trying to determine if the user is still logged in essentially…

If logged into bubble it does NOT redirect the app on launch to the Login screen.

Of course, if u have an auth token and need to check its validity, because you don’t know it, you can try making any call to the API in question. If it errors “unauthorized”, the token is no good. (Bubble has an error handling action BTW, look up unhandled error in the reference.)

However it would be better to just use the refresh token to get a new set of tokens entirely.

(Refresh tokens never expire due to time: they are single use and expire once exchanged for a new auth token / refresh token set).

Ok… you mean, you set up random OAuth 2 identity provider as a login method for your web app, yes?

Like, folks can login with their Facebook, Google or Random App X credentials, yes?

In THAT case, the user is logged in if the user is logged in. Just check “Current User is logged in”. If true, that’s true is false that’s false. It’s that simple.

It’s not an oath actually.

The mobile app/device stores a token received from bubble as a device variable (accessible and saved even if the user closes the mobile app and re-opens it) and I’m trying to condition the mobile app to:

If auth token (user authorized) is still valid then go to HOME SCREEN

If auth token unauthorized, go to LOGIN screen.

Ah, I see: So this is kind of a follow on to that other conversation we had recently about how to get such a token (How To Assign A User To A API Workflow Endpoint).

So you’re snagging that token and storing it on the device, but you are not also storing its expiry time? The thing to check would be that.

However, you could make an API Workflow endpoint in your app like “check-token” that simply returns true (or whatever you want) and call it with the token. If the token is valid, you’ll get true back (and status 200 success). If the token is not valid, you’ll get a not authorized response (I’m not sure what status code, but it’s easy enough to check - it’ll be something like 403 Forbidden or 401 Unauthorized).

That’s all you could do, right?


This topic was automatically closed after 70 days. New replies are no longer allowed.