đź’ş Introducing Bask: A VS Code extension for building plugins

Showcase
3

As reported earlier, the issue with Bask is now confirmed to be the result of a change in Bubble’s infrastructure. Specifically, at some point over the last week (or two?), Bubble changed the format of the auth_token returned from it’s https://bubble.io/api/1.1/wf/generate-user-token endpoint.

The way this endpoint works is exactly as described in Bubble’s manual entry here (Oddly, we used to be able to introspect this endpoint by looking at bubble’s public Swagger spec, but that’s no longer available at https://bubble.io/api/1.1/meta/swagger.json)… By hitting that endpoint like:

curl --location 'https://bubble.io/api/1.1/wf/generate-user-token' \
--form 'email="your@email.com"' \
--form 'password="your_bubble_password"'

you get back a response that used to look like this:

{
    "status": "success",
    "response": {
        "token": "1714423022372x495316453461721000",
        "user_id": "1532946738452x195464432190731100",
        "expires": 31536000
    }
}

With this token, we could authenticate into bubble.io to see what plugins a user owns as well as perform any action a signed in user could perform through the web interface.

As of the recent change, the format we now get back for this response is:

{
    "status": "success",
    "response": {
        "token": "bus|1532046738452x794314432119549562|1714423022372x49531645156984672",
        "user_id": "1532046738452x794314432119549562",
        "expires": 31536000
    }
}

Observer the change of token’s value from "1714423022372x495316453461721000" to "bus|1532046738452x794314432119549562|1714423022372x49531645156984672".

It appears that with this change, we can no longer sign Bask into Bubble on behalf of a user to perform actions on their Bubble account. At this point, the token only appears to grant Bask access to read a user’s plugin list, leaving the VS Code extension unable to perform crucial operations such as syncing plugin updates to a Bubble user’s account. Attempts to log Bask in using a parsed version of the new token (using any one of the two bubble_thing_ids listed between bars |) has not been successful.

Given bubble’s API versioning system:

https://bubble.io/api/1.1/wf/generate-user-token

I, and I think the community, would have expected a breaking change like this to take place under a new API version like:

https://bubble.io/api/2.0/wf/generate-user-token

so betting this was an accident. This post is both a notice to Bask users as well as an initial bug report I’m filing to get this fixed. I look forward to fixing this is soon as possible so the users who’ve grown to depend on Bask can get back to plugin development as soon as possible.

6 Likes