Forum Academy Marketplace Showcase Pricing Features

How to get the current logged in user's token?

I have a situation where I’m using the Bubble API, through the Bubble API Connector, and need to authenticate over it. I’m doing this because Bubble only lets you schedule API Workflows, but not wait for data to return. If you put your own API into API Connector, it lets you do it as an action and await a response. This works fine when using my external React app to interact with the API, as I use the bearer token received when logging in with React. And it works for workflows that do not require authentication internally.

However, now I need to access an authentication-required workflow from within Bubble using Bubble’s own API, which means I need to pass the bearer token of the currently logged in user. I’ve tried grabbing the local cookies with Javascript with document.cookie, but none of the keys I can find ([appname]_debug_mode, [appname]_live_u2main, etc) seem to be a valid token. And there’s no data point for it built in like I would expect like “Current User’s login token”. Any ideas on how to get around this or get the token via Javascript to pass into the workflow?

hey there, have you solved?

Can Anyone help with this? Currently have users logging in Via Google Calendar and would like to schedule a Google push notification on calendar change. Challenge is that in order to set the webhook in GCal we need to send the auth token.

https://developers.google.com/calendar/v3/push

@lucas.ar I never found a way to do this. I actually forgot exactly what I was trying to solve when I posted this but I know I had to do it a completely different way and abandon part of the feature I was trying to build.

You can’t get to the token. Bubble will send it as part of any API calls associated with the “Social Signon” action. Am assuming you know this bit !

So if you can’t use it as a bearer token in this way, then you will need to store the token yourself and split the signon process with the authentication process.

This is actually not a bad this, as Bubble does not handle refresh tokens for you. So if you have “offline” in your scope and the token needs refreshing, you have to do it yourself.

Hello @NigelG sorry for disturbing you, but regarding this matter i’ve actually been attempting just to login a user using discord api and recieve back a access_token well logging said user in

I need the access_token from the url after login i can do this with regex or another form of split i guess from reading up on another article ( Thanks To @lantzgould btw for that ) but the issue i dont actually know how todo is what you are defining here

discords api OAuth setup is found here Discord Developer Portal and I’ve made a plugin to handle OAuth logins but again I want to change it so I receive the access_token my plugin can be found here in read_only Bubble Plugin Editor - Discord - OAuth if you could help me out this would mean the world discord offers the API documentation to handle refreshing of a users access_token which i can on my own but other then that yeah I’m REALLY stuck
There is a button in the api area of a plugin on the oauth setup to call back the access_token i need this somehow working Bearer is usable and returned when requesting token
Discord Developer Portal < authorization-code-grant-access-token-response

{
  "access_token": "6qrZcUqja7812RVdnEKjpzOL4CvHBFG",
  "token_type": "Bearer",
  "expires_in": 604800,
  "refresh_token": "D43f5y0ahjqew82jZ4NViEr2YafMKhue",
  "scope": "identify"
}

Example only above provided from discords own api that token and refresh will not work of course
I can get the users ?code= and save it via OAuth using my plugin as is already but … when i made the token exchange plugin part of my discord api plugin above - i honestly do not know if i did it right or not.
If you could let me know after further checking out Discords Documentations it would and i mean would really mean alot as im trying to close a bridge between the coders and no-coders found on discord to be able to make a switch to no-code allowing all users skilled in code or not to be able to list their servers make cool discord sites and more!

:beers: Cheers m8

1 Like

Hi there.

Not quite sure what you are asking here, but will have a go.

Obviously, you can use Bubble to do the OAUTH2 for you (can’t see why that wouldn’t work) … but it seems you want to grab the actual access token/expires/refresh and store them somewhere?

So what you need to do is fashion your own OAUTH2 “dance” …

  1. Have a button with a redirect to the Authorization URL …

https://discord.com/api/oauth2/authorize?response_type=code&client_id=157730590492196864&scope=identify%20guilds.join&state=15773059ghq9183habn&redirect_uri=https%3A%2F%2Fnicememe.website&prompt=consent

(so…redirect back to a page on your site)

  1. User logs in (or doesn’t)

  2. Discord redirects you back to the page you set above

  3. On page load you need to grab the parameters from the URL …

https://nicememe.website/?code=NhhvTDYsFcdgNLnnLijcl7Ku7bEEeee&state=15773059ghq9183habn

So get “code” (of if it isn’t there send some sort of message to say it didn’t work) from the URL

  1. Swap the Code from 4 to get the Token (and the other stuff … that is the JSON you have above)

POST https://discord.com/api/oauth2/token

In the header you will need …

Content-Type : application/x-www-form-urlencoded

In the body you want the following…

{
‘client_id’: CLIENT_ID,
‘client_secret’: CLIENT_SECRET,
‘grant_type’: ‘authorization_code’,
‘code’: code, (that you got from the URL on the page in 4)
‘redirect_uri’: REDIRECT_URI
}

Then you should get the tokens and stuff back.

You can then add the “expires_in”: 604800, onto the current timestamp to give you the date the token expires (check you are adding the right thing … 604800 should be 1 weeks worth of seconds, and bubble (ISTR) uses microseconds.

Then when you are using the token, check if the current time is > expiry, and do the same call in 5) but with the refresh token in the body.

{
‘client_id’: CLIENT_ID,
‘client_secret’: CLIENT_SECRET,
‘grant_type’: ‘refresh_token’,
‘refresh_token’: refresh_token
}

The refresh token doesn’t expire, but it can be revoked, so watch out for that.

im sorry but Jici got it working it was a pain i have a help topic on this and will be updating the fix later on free time - jici also stated he would post it in tips area here in the forum im trying to merge the gap between coders and no-coders of discord bringing even more users too bubble who are developers who want to developer just that much easier thank you again for taking the time to help! It had to be performed via a backend WF as well on a internal api call to get it running right with a custom made plugin of course

:pray:thank you tho for taking the time to help this is a really big project i have and im only one developer with probably 12 devs worth of work todo :rofl: so thank you again!