I am using the Spotify API, with their authorization code flow.
For specific reasons, I need to reuse the Spotify authentication token elsewhere.
The API using Bubble API Connector (with OAuth2 User-Agent Flow) works fine, but I can’t access or use the Spotify authorization code or tokens. Do you know of any solution?
Otherwise, I need to reproduce the Spotify authentication workflow without OAuth2 User-Agent Flow, but there are a lot of steps, and it’s not very smooth.
The Spotify API uses a refresh token mechanism every hour; is it natively handled by the OAuth2 User-Agent Flow?
If it can help someone, what I finally did is reproduce the whole Spotify authentication using workflows and a “Spotify auth page” on Bubble to redirect users when the page loads.
Then I could store the user Token & Refresh Token into my database.
I refresh the token every time a user loads my app.
It takes more time to configure than using the Bubble OAuth2 User-Agent Flow, but it works.
If you’re going to store a long term (non-expiring) access token in the database, I would recommend that you encrypt the token at rest and decrypt it only when you want to use it, e.g. when making an API call. Don’t keep the encryption key in the database. Even though the Bubble database is already encrypted at rest, if it is hacked or you haven’t properly configured privacy roles, your users’ tokens could be leaked. By encrypting it, it means that even if this happens, the tokens can’t be used.
You have to create 2 API connections using the API Connector.
On the connection button workflow, the redirect URI should point to a dedicated page on your app (the Spotify auth page for me).
Then another workflow is executed when the auth page loads.
Remember that the Spotify access token will expire in a few hours, so you need to refresh it when it has expired, using the user's refresh token (see the custom event).
If you find optimizations or a better solution, it would be great to share it!
You are right, even if the access token expires frequently, we should encrypt the refresh token, which is more persistent. But do you have tips on how to do so?
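One way to do the encryption discussed in the two posts above, as an added example that is not code from any poster or from Bubble: AES-256-GCM in Node.js, assuming you have somewhere to run server-side JavaScript. The environment variable name `TOKEN_ENC_KEY`, the function names, the user id and the token value are assumptions or constructed sample values.

```javascript
// Added example: encrypt a Spotify refresh token before it is written to the database.
const crypto = require('node:crypto');

// Assumption: the 32-byte key is supplied base64-encoded in an environment
// variable (hypothetical name TOKEN_ENC_KEY), never stored in the database.
function loadKey(env = process.env) {
  const key = Buffer.from(env.TOKEN_ENC_KEY || '', 'base64');
  if (key.length !== 32) throw new Error('TOKEN_ENC_KEY must decode to 32 bytes');
  return key;
}

// Returns "iv.tag.ciphertext" (base64url). userId is bound as AAD so a
// ciphertext copied onto another user's row fails to decrypt.
function encryptToken(key, userId, token) {
  const iv = crypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(userId, 'utf8'));
  const ct = Buffer.concat([cipher.update(token, 'utf8'), cipher.final()]);
  return [iv, cipher.getAuthTag(), ct].map((b) => b.toString('base64url')).join('.');
}

// Call this only at the moment the token is needed, e.g. right before the
// refresh request, and do not write the plaintext back anywhere.
function decryptToken(key, userId, stored) {
  const parts = stored.split('.');
  if (parts.length !== 3) throw new Error('malformed stored token');
  const [iv, tag, ct] = parts.map((p) => Buffer.from(p, 'base64url'));
  if (iv.length !== 12 || tag.length !== 16) throw new Error('malformed stored token');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAAD(Buffer.from(userId, 'utf8'));
  decipher.setAuthTag(tag);
  // final() throws if the key, the user id, or any stored byte is wrong
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Constructed demo values (not real credentials)
const demoKey = loadKey({ TOKEN_ENC_KEY: crypto.randomBytes(32).toString('base64') });
const stored = encryptToken(demoKey, 'user-123', 'constructed-refresh-token');
console.log('stored in DB:', stored);
console.log('decrypted   :', decryptToken(demoKey, 'user-123', stored));
```

Only the `iv.tag.ciphertext` string goes into the user's database row; a leaked row is then useless without the key held outside the database.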
Ok thanks, sounds like a decent workaround.
The Zoho functions aren’t as powerful as the COQL queries (AND logic only, no OR) but better than nothing.