Log the user in from the backend

I want to log the user in from the backend.
I use the “sign the user up” or “log the user in” workflow in the backend workflows but it does nothing (only creates the user but no login).
Anyone got a workaround?

What is the end goal?
You can do an auth workflow like described here: As a User | Bubble Docs
To get auth token that you can use in DATA or API Workflow to run it as the user.

However, if you are sending the request from Bubble frontend using Schedule API Workflow… if the user is authenticated, there’s no need to authenticate it again, Bubble will run this scheduled WF on behalf of the current user.

@Jici thanks,
I have a slack sign-in api call (I use the api connector since with the plugin I would need to ask the users for extra slack permission that I dont want to do) from which I get the slack user id. then in the backend, since there is no actual password that the user entered I do: assign temporary password → sign-up/login user.

How do you make the request to the backend WF? If this is from a Schedule API WF action, this is not an issue. If you are trying to call your app from outside and do slack stuff, this is more complex.
Option A) create the auth manually for slack instead of using API Connector user-agent auth
B) store the access token into a field by using a workaround (you send the access_token using a fake call in Slack API connector to your Bubble backend and detect header after their first log in). Slack access_token do not expire according to doc.

@Jici
user is redirected to the “redirect url” in my app and then, with the code in the url, I schedule the api workflow. but, this does not login my user.

I also tried a click button → schedule api workflow = log the user in, but this does not log the user in

Not sure what you are trying to do here. Can you explain and maybe post some screenshot?
Are you trying to oAuth2 the user manually?

If user successfully signs in with Slack, I want to sign up/login that user in my bubble app. But, since a user will not have a password, everytime the user signs in I assign new password to user and then log the user in.

Why not to use Bubble API Connector user-agent flow?

Bubble will create a user for you with that.

Because honestly, I don’t like this kind of process.
If you cannot use API Connector user-agent flow and you need to manually auth the user, I personnally prefer to ask user to create account with Bubble auth and manually authenticate to API (like slack) after and storing this with the current user.
If this is not an option, I recomment to look at pathfix that can handle that.
Finally, if you don’t want to use an external service, you need to use Signup user action first with a custom password but that you can get info from the slack API

Process should look like:
URL to authorize endpoint > Redirect back to your app (You should use a page instead of a backend, however, this is possible with a response type "page redirect > Get access token with the token endpoint > get the userinfo identity with API connector and the access token you get in previous step > Sign up user and assign a value available from the previous step as password. Some will use access token (that is a good idea if the access token stay the same on each login) some will use user ID that, from my point of view, could be a bad idea as this is easily available (in slack, you can go to the profile to get the ID of any user…). Each time the same user auth with slack after that, you can check if the email already exist in your USER DB and if yes, instead of signup, you log them in using the same password from API profile endpoint

Thanks,
Yes, I understand, but in the process you mentioned wouldn’t then the password (access token) be saved in the user session and thus sort of “not so private” (which is what I wanted to avoid by doing everything in the backend).

Thanks @Jici ,
Yes, I understand, but in the process you mentioned wouldn’t then the password (access token) be saved in the user session and thus sort of “not so private” (which is what I wanted to avoid by doing everything in the backend).

It doesn’t change anything to do it in browser or backend WF as the get token call and signup action are processed server side anyway. The oAuth2 process is made for that.

@Jici so, you mean using an api connector call to “log in” user in the backend and then save that bearer token in the User type and use it for subsequent calls.

But then how can I sign up/login the user with that token so that the “current user is logged in” = yes? is this explained here?

I give you 3 way to authenticate the user with this oAuth2
A) I recommend using API Connector user-agent flow
B) If not possible, use Bubble auth and add manually oAuth2 connection
C) If not possible, do what you are doing and for password, use somenthing related to the user that you an fetch using API Connector

@Jici thanks for the message.
A. I need to ask for permissions to read user profiles and I dont want to do that. the bubble app for logged in users will just have a “manage subscription” button where users can simply manage the subscription for the whole slack workspace
B. I dont want to use Bubble auth as I want the process to be as smooth as possible.
C. so you mean have a field in the database for each user, such that when the user is authenticated with slack, I use the API connector to fetch it the data and log the user in? the question is: is this safe considering that this value will be sent to the frontend I believe, right?

A) Using C will also request you to fetch user profiles. You need a specific value, related to the user to set a password + email value to create this user. Bubble request theses information to create a user. This is why in user-agent Bubble auth in API connector there’s 3 endpoint to provide: authorization url, token url and profile url.
This is why I don’t see any reason to use the C) solution for this API when you can do A).

@Jici When I use the method c I only get the slack user id which is enough for me to create a fake email. Then everytime the user tries to sign in with slack, I “assign temporary password to user” in the backend, so that I do not need to save anything in the user thing.

The problem for me is that I cant login / signup the current user from the backend. the only thing I can do is log in / sign up and then send the token to the frontend.

I could not find any resource how to best approach is. you know any? thanks

You cannot assign a password that doesn’t come from the API because the only way to keep it secure, is to take it from API. If you store the temporary password in DB, you will also need to make it visible to anyone (and same for password) creating a security issue.

Again, if you really want to do everything manually, you need to use data from API that will not change for this user overtime. Using ID? Ok, you can always create a fake email using id@fakeemail.com … Using ID also for password? Bad idea from my point of view. This could be easily hacked. A solution I can see is to maybe use the access token as password but only if this token never change (so each time you get the token back, it’s always the same value). If not possible, maybe a hash of the profile ID (because you realllllly don’t want to access to user profile…) with a secret key server side (so only you know)

So process is Open external website to authorize, redirect user back to page, check if this user already exist with the id@fakeemail.com, if not sign up user with id@fakeemail.com and password that use access token (if possible) if not, using hash of id and secret key (server side action that need to be done before the signup action) and update current user with access token. If user exist, log in the user following the same process behind sign up. If access token have changed, update current user. If not, don’t need to do that

thanks @Jici. I think you convinced me to try the oauth2 route. I wrote a new topic on that.

1 Like

I’m happy to read this. User data will be more secure this way :wink:

1 Like