Logged Out due to access_token in url

I’m running into a bit of a unique problem and would love some insight if possible:

I’m using a third-party’s API to set up an OAuth2 login. The third party has a very strange OAuth2 setup - it only provides the Login Dialog Redirect but nothing else. I can send the user to the login dialog but everything else past that is manual. Once the user authenticates, it redirects them back to my Bubble Redirect URL with an access_token parameter in the URL. However if I send the redirect URL back to Bubble with access_token in the URL, it automatically logs out the current user due to security reasons.

Ideally, I’d be able to retrieve the access_token from the URL and assign it to the current user, but since they keep getting logged out, that’s not possible.

Does anyone have any potential creative ways to approach this where I can extract the access_token without logging the user out?

Is it a Bubble access_token?

No it’s not, it’s from the third-party API.

Ever get this worked out? Having a similar issue.

Unfortunately there is no way around this as you cannot have “access_token” in the URL with Bubble. However, I did get it to work using a bit of a workaround!

My solution was to retrieve the access token by running a javascript function on the frontend and then pass the access_token onwards using the “javascript to bubble” function in the Toolbox plugin. That way I could access the “access_token” from the “javascript to bubble” element and store it for further use.

Thanks for the reply! I ended up opting for the more server side experience of having a response_type=code then exchange that for the access.