Hello,
We have setup our Bubble app to work with our SSO. This means that the password management is made on the SSO and we login users on Bubble using a global password in the backend. On first signup (backend again), the global password is assigned and then the same password is used when signing up (backend still).
Today we experienced a case where Bubble would not accept the password for some user (we tested by running as the user and doing a chekc of the user’s password). There is only one workflow (the signup workflow) which manages the password, so we could not know the cause for it.
We wanted to fix the data, but the Update User Credentials workflow requires knowing the old password in order to set the new password. As a workaround, we had to change the user’s email in the database, reset the password and receive the email on behalf of the user, set the global password via the UI and finally restore the user’s actual email.
If this is an isolated incident, this workaround would be acceptable, but if we find out that we have 100s of users in this situation, we would need to run a workflow to set the correct global password without having to know the current password.
Did I miss something? What’s the solution here? Why would the backend workflow force the developer to know the existing password? Should there not be a way to override this requirement in the workflow?
