I am successfully accessing a 3rd party Oauth2 (discord) to signup users however the redirect URL shows up with the parameter ‘code’ (which I need) but after a split second it disappears and the URL returns to the normal page URL without any parameters.
The user is being created however I am also trying to grab the ‘code’ value from the redirect URL and add it as a field for that user. I’ve tried ‘make changes to current user’ and tried to use ‘get data from page URL’ > parameter > code but it never returns anything.
To reiterate when I click my element “register” I do get redirected to the oauth authorization page on the 3rd party site, and once completed the redirect url does include the code parameter I need. It just disappears almost instantly as all parameters are cleared from the URL.
Here is my browser URL after the redirect back to my app is complete.
Here is F12 network tab where the URL shows it had the URL parameters upon return to the app but they are being stripped and I am unable to use them in my app anywhere (even as a follow up workflow action to the login / oauth).
Interestingly if I copy the redirect URI from F12 as pictured above and remove everything after used_redirect_uri: xxxx and paste it into my browser I get sent to the correct page in my bubble app and the code value is able to be parsed.
If I copy the entire F12 request URL then I’m sent to the right page on bubble app but all the parameters are removed from the URL.
So you are using user-agent flow from Bubble Auth. So why do you want to catch the code? There’s no reason to try this and you cannot use it once it’s used normally (Bubble use it to get the access token…)
I got it working, but you’re not wrong, what I really need is the access token.
I have the oauth working and am able to send out additional calls using the oauth api conenctor and they work (meaning the access token is good however it is stored via bubble api connector).
However in my login workflow I’m trying to gain access to the access token to send to my backend and I am unable to get it parsed in the workflow.
I’ve checked under “current user” or “from step 1” which is the login API connector but I cannot find the access token. Any ideas?
These steps both work as part of my oauth API connector. However if I add a step 3, I have access to “results of step 2” with a bunch of my discord user information, but I cannot access “results of step 1” or find any way to reference my access token.
And why do you need to get the access token? if you send the request to backend workflow with Schedule API Workflow from the user account (when the user is logged in an he is the one who call the backend WF), this will use this user access_token.
This is not something you can access, however, you can use a workaround:
Create a backend workflow with detect request header enabled, add API call to this backend workflow inside the API configured to call Discord. This request will send the access_token in the header that you can after, use in another call (but you will need to create another API with selfhandled set to be able to use this call without conflict). Honestly, this is not a good thing.
I guess my concern is how can I confirm a browser / session is oauth validated if I cannot check the access token?
I’m using discord to avoid making my users create an account. Once they validate their discord via oauth they can access some areas of the app that are otherwise unavailable. What is the best method to ensure only users who are validated with oauth can view that area on future sessions, otherwise kick them back to the verify / oauth page?
When a user is created with user-agent flow, this also create a Bubble user and log this user in. So you just need to use current user is logged in (same for privacy rules).
