OAuth2 Custom Token with form-urlencoded

If the access_token you need for the authentication can only be accessed with a form-urlencoded Content-Type (and not a JSON), you still can add your parameters as a querystring directly in the body section :

And no need to add “?” as a first character.

1 Like

[EDIT: My question was stupid, but understandable. See my own answer just below. I’ve noted all of this to Support that some sort of positive feedback from the API connector would be nice in this instance.]

I have an API that needs custom token auth like this, so this is very helpful to see. My only question around this, Nicolas, is where they heck does the access token go?

I’ve successfully set up APIs that use the “User-Agent” (social login) flow. However, the Custom Token flow has me a bit stumped. In the case of the API I’m setting up, the call to the token endpoint is supposed to return:

** “token_type”:“bearer”,**
** “expires_in”:31536000**

And the docs for this API say,

"Please include ACCESS_TOKEN to request headers with every request as indicated.

Authorization: Bearer ACCESS_TOKEN

But I’m stumped on what I’m to do with that… Here’s where I am right now - (Again, this is just one of those cases where ONE successful example would help!):

ALSO the docs don’t tell you how to understand if what you have is right… The custom token setup is VERY mysterious to me right now. Obviously, I have all the info I need to make this work, but I can’t GUESS at the syntax for how to retain the token…



OH GEEZ, sorry to self-answer. But of course, RIGHT after posting this, I discover that the reason I thought auth was failing is I simply had a typo in the calls I was trying to test with.

Anyway, to answer MY OWN question. (derp!) … You don’t put ANYTHING to do with the token here (just as in original example). It magically gets handled. (Nicolas’s example if correct.)

I guess the thing that tripped me up is that Bubble provides NO FEEDBACK about whether it has successfully retrieved a token in this authentication method. (That would be a nice feature!)

Hopefully, this dialog with myself helps someone in future. And thanks to OP Nicolas for this VERY helpful screen grab!


Does anyone know how I can handle the JSON response from the api call using token instead of access_token as the key?

For example, the response is

        "expires_in": 3600,
        "token": "eyodjfaokjds289394823948sdfjnadjfn...."

I think the api connector is expecting the token key to be access_token rather than just token

IMO sometimes its easier to just build each call and response rather than use the Oauth pre built connector

Yeah frustrating thing about handling the access token yourself is you can’t make any api calls on the front-end without exposing the access token. You can build the calls in the backend and call those from the front-end, and it looks like I’ll have to go that way but it would be easier to use a bubble system that keeps the keys and tokens private so I can make the call straight from the front-end

1 Like