I’m brand new to Bubble (and not super experienced in web dev generally), so I am looking for both general and specific guidance.
I have a back end database application that I wrote myself, and I am planning to use bubble.io to build a front end for it using the API connector. I am trying to decide how the authentication workflow should work.
Here’s the situation:
- My application (“pancake”) is running on AWS and is accessible to the public internet.
- pancake uses standard OAuth password flow to generate bearer tokens
- Users access pancake via a Python tool - they need to know their credentials
- They can also use an API key which my application generates
- I want users to use the Bubble.io app to create and manage their accounts, and also interact with the service in a browser
When I create a new user account in bubble.io, the password is concealed (as is best practice), so I cannot share it with pancake. This means my bubble.io app is going to need its own credentials to access pancake ON BEHALF OF the user.
My current plan is to keep private pancake credentials for the user inside of my bubble.io database, and then provide an API key to the user for them to access pancake from Python.
My question has three parts:
- How should I store those pancake credentials on bubble.io? It’s bad practice to keep them in plaintext, but I don’t know how else to do it.
- If I store username/password credentials, how do I deal with those tokens expiring? Should I also store the bearer tokens in the database, or simply re-authenticate for every operation? Or does bubble.io have some more clever way to do this?
- Does the approach spelled out above make sense? Is there a better way to accomplish this?
Thanks in advance.