Hi Bubble community,
I am currently working on a setup where I want an external partner app to create an account for a user in my *Bubble.io app, then have the user logged in automatically in an iFrame embedded in the partner app without requiring a password. The goal is to make this work providing an email address only.
Here’s the flow I’m aiming for:
- User Account Creation: The external partner app creates an account for the user in my P2park app via an API (user info, like email, is passed to my app).
- Login Process: The partner app wants to automatically log the user in to the iFrame embedded in their app
- No Passwords: I want to bypass the need for the user to enter a password. The login should be seamless, possibly using a token or another mechanism to authenticate the user.
My questions:
- How can I create a secure process to automatically log the user in to my app from an external app, without requiring a password?
- How can I ensure security while bypassing passwords, preventing unauthorized users from using the iFrame to log in (e.g., someone who knows the user’s email)?
I would really appreciate any advice, solutions, or best practices for implementing secure login and authentication in this scenario.
Thanks in advance for your help!