Hello Bubblers
We have a news app in use which is based on Google Firebase. The user accounts and passwords are also stored there. Now we have implemented an API with which I can pull user data from Google Firebase in my Bubble MVPs via a Jason Web Token. This works well.
This is how the workflow is currently implemented:
Step 1 - User clicks on Login
- The user clicks on the login button in Bubble
- If the user is not logged in, they are sent to our Google Firebase login screen. I enter the ReDirect address via a URL parameter.
Step 2 - Log the user in to Google Firebase and send them back
- Upon successful login on the Google Firebase login mask, the user is redirected to the Bubble.io URL and provides a JSON web token.
Step 3 - Log in user on the Bubble.io solution or create user profile
- I receive the e-mail address and all other information from Google Firebase (first name, last name, subscription number, etc.) in encrypted form from the JSON web token.
- If the user exists, he should be logged in
- If the user does not exist, a user profile is created with all the information from the Json web token
This all works perfectly, with one little problem:
Bubble.io also requires a password. Of course, I can’t and don’t want to transfer this via the API. I could now use a hack and simply set the same password for every user.
But that’s pretty insecure and I think there’s probably a better concept.
Any ideas?