Sharing Google OAuth2 Access Token?

sudsy · August 11, 2018, 1:11am

Greetings all,

I’m developing a service that “processes” data from a user’s Google account. The main interface and “dashboard” will be built in Bubble, but there’s a lot of conditional logic, looping, and computation involved in the processing, so I decided to offload that to another system using a subdomain.

So for example, mydomain.com will be on Bubble, but some of the functionality will be implemented at processing.mydomain.com. The problem is that both domains will need access to data in the user’s Google account, but I’d like to avoid having the user authenticate separately on each domain.

Is there a way to somehow “share” the Google access token across these two domains which are part of the same service (and same project in the Google developer console)?

-Steve

ryley.randall · August 11, 2018, 4:26am

You will need to custom build your Authentication flow using the API connector (with the authentication portion being set to none or self handled).
By doing that you can save the Authentication token, refresh token, and token life span in the database. Every API call you make after you will just need to include the Authentication token in the header.

sudsy · August 11, 2018, 11:59pm

Thanks, @ryley.randall. I’m assuming I’d then have to manually manage the refresh and access tokens for offline access, right? Have you tried that with Bubble?

ryley.randall · August 12, 2018, 2:44pm

Yeah you do! I have an app that I do this on.
It is supper easy, all it takes is one API and saving the new values

sudsy · August 12, 2018, 3:06pm

How do you pass the access token from one domain to the other? I’m not quite clear on the best approach for that. Thanks again.

ryley.randall · August 12, 2018, 8:56pm

That is up to you!
You could keep it in Your bubble database and then pull into the app on your subdomain when you need it!
Basically as long as you make a request with an active Authentication token you’ll be able Successfully make the api call, it doesn’t matter if that is being done in a “separate” app.
The nice thing about google is that that you can make the token refresh call with the most recent Authenication token even after the AUTH token is expired.

esmlima · June 21, 2022, 4:43pm

Hi @ryley.randall , could you please share yous screens on this Authentication flow you have built?
Thanks!