User Authentication for backend API workflows


(Before you jump on me: I have read through the forum posts available on this topic and have also played around with implementation.)

Use case
For implementation of complex functionality, I develop a private Plugin that makes use of backend API workflows to manipulate quantities of things in the database. Ideally, each of the API calls would provide the user-specific bearer token to authenticate the user, so that things created in the database are created by the user (as opposed to being created by the admin when authenticating with the application token).

Logging in
Before using the application, the user must log into the frontend, providing username and password. This calls the “log user in” action in the login workflow on the frontend. By that, the user is now identifiable in the frontend.

Obtaining the user-specific token
To obtain a user-specific token, which is required for backend API workflow calls, in addition to logging into the frontend using a frontend workflow, I also need to call a “log user in” action through a separate backend workflow that will return, besides the user id, also the token (that is another record identifier in some presumably Bubble-internal table, likely a session table or the like). In order to call that workflow, I have to pass the user credentials (again) between frontend and server.

Besides exposing credentials twice (encrypted ok, but still): once for the login into the frontend, and once for the login to the backend, I also need to

  • create an additional backend API workflow to log the user in and return the result as a JSON object to the frontend
  • in order to make that API workflow callable, configure an API in the API connector (even though I am accessing my own Bubble API) because I cannot access the token field that the API returns in JSON within the same API workflow because it is not exposed
  • call the backend API workflow etc. etc. etc.

I cannot believe how awkward this is and cannot understand why the “log user in” action cannot set a “token” field in the “Current User” automatically that I can then use to pass off to my plugin code and use for backend API calls.

I must be missing something here and am truly grateful for any enlightenment.

I am nowhere near as experienced with Bubble as probably most of the people in this forum, so take what I say for what it is. I do have a lot of experience with databases, however, just not Bubble's.

I don’t believe Bubble provides a persistent, user-specific token that you can use for subsequent API calls to authenticate that user.

I think in your workflow you would need to create a short term token for the user and store it in your database with the rest of the user’s info. Then you could return the token as a JSON response. In your plugin you would include the stored token, then check that against the database.
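
The approach suggested in the reply above (issue a short-term token, store it with the user's record, check it on each call), as an added example that is not part of either post and is not Bubble's own API. It is a Node.js sketch in which an in-memory Map stands in for the database table; the function names, the 15-minute lifetime and the choice to store only a SHA-256 hash of the token are assumptions.

```javascript
// Added example: short-lived per-user token, stored server-side as a hash.
// The Map stands in for a database table; all names here are hypothetical.
const nodeCrypto = require("crypto");

const TOKEN_TTL_MS = 15 * 60 * 1000; // assumed lifetime: 15 minutes
const tokenTable = new Map();        // sha256(token) hex -> { userId, expiresAt }

function sha256Hex(value) {
  return nodeCrypto.createHash("sha256").update(value, "utf8").digest("hex");
}

// Called once, after the user has logged in. Returns the raw token that the
// workflow would send back to the frontend as JSON.
function issueToken(userId, now = Date.now()) {
  const token = nodeCrypto.randomBytes(32).toString("hex");
  // Only the hash is stored, so a read of the table does not yield usable tokens.
  tokenTable.set(sha256Hex(token), { userId, expiresAt: now + TOKEN_TTL_MS });
  return token;
}

// Called by each backend workflow. Returns the user id the token belongs to,
// or null if the token is missing, unknown or expired.
function verifyToken(token, now = Date.now()) {
  if (typeof token !== "string" || token.length === 0) return null;
  const key = sha256Hex(token);
  const row = tokenTable.get(key);
  if (!row) return null;
  if (now >= row.expiresAt) {
    tokenTable.delete(key); // purge expired rows when they are seen
    return null;
  }
  return row.userId;
}

// Called on logout, so a leaked token stops working before it expires.
function revokeToken(token) {
  return tokenTable.delete(sha256Hex(String(token)));
}
```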