Account

Sign the user up

This action creates a new user in the application database. Signing up a user requires an email and password. Once a user is created, they will be able to login, logout, and information can be saved for that user. It is important to note that when a user signs up, they will be logged in immediately. Their information can be accessed through the Composer using 'Current user's email,' etc.

Email

This is the email used to sign the user up. It is the unique identifier of the user. Usually, this property is the value of an input and looks like 'Input email's value.'

Note: Two users cannot have the same email.

Password

This is the password used to sign the user up. Usually, this property is the value of an input and looks like 'Input password's value.'

Require a password confirmation

Check this box to require users to type their password twice when they sign up to make sure the user did not make a mistake. If you check this box, the form should have two different inputs.

Password Confirmation

This field defines where to find the confirmation of the password. It should be the content of an input that is different from the initial input for the password.

Send an email to confirm the email

Check this box to send an email to the user confirming that their email address is valid and that they can access it. This email contains a link that once clicked will set the user's property 'email confirmed' to yes. Customize the content of this email in the Languages section in the Settings Tab. Look for 'Email confirmation subject' and 'Email confirmation body.'

Confirmation page

Enter the page where the user is taken after clicking the link in the confirmation email.

Remember the email

Set this field to true for the browser to remember the email entered in the signup form. In this case, when the user is logged out, the email input will display the last saved email.

Change another field

Click this button to save additional fields for this user. This is equivalent to a 'Make change to current user' or 'Make change to thing' action modifying the current user.

Log the user in

This action logs an existing user in with an email and password. The user must have already signed up for this action to proceed. When successful, this action triggers the event 'The current user is logged in.'

Email

Define where to find the email. Usually, it will be 'Input email's value.'

Password

Define where to find the password. Usually, it will be 'Input password's value.'

Stay logged in

Set this field to true to keep users logged in after 24 hours. Make this option dynamic with a checkbox, which is a common UX pattern.

Remember the email

Set this field to true for the browser to remember the email entered in the signup form. In this case, when the user is logged out, the email input will display the last saved email.

Opt-in to cookies

This action is only visible for applications that have enabled the "Do not set cookies on new visitors by default" setting. Call this action to indicate that the user has opted-in to your site storing cookies. Calling this action will create a new, temporary user associated with the current user's web browser, which you can use to store information about the user in between visits to your application. If this action is not called, information stored on the Current User object will be lost whenever the user closes their web browser tab. Note that we need to use cookies to enable signing up or logging in, so on sign up / log in, Bubble implicitly calls this action, even if you don't explicitly call it: if you do not want users to be able to sign up without explicitly opting into cookies, you must prevent them from calling the signup action yourself.

Opt-out from cookies

This action is only visible for applications that have enabled the "Do not set cookies on new visitors by default" setting. This action removes all Bubble-set cookies from the user's web browser, which will log them out of their account if they are currently logged in, and break the association between the user's browser and any temporary user that was created in the database to track them. Calling this action if the user has not previously opted-in to cookies will have no effect.

Signup/login with a social network

This action signs a user up using Facebook, Instagram, or other social network known as an OAuth provider. This action creates a user in the application database but does not use an email/password identification. Instead, Bubble uses a token provided by the OAuth provider. When a workflow hits this action, the user is prompted to approve the access to their information. To use this action, create an application as a developer on Facebook or other provider and copy the keys the provider gives you in the Plugins Tab.

Note: Some providers, such as Google, expect the exact URL to be specified in the Developers Console, including a '/' at the end.

See Authenticating Users

OAuth provider

Choose which service to use for authentication. Install the relevant plugin through the dropdown menu in the Plugins Tab or add an API with the API Connector.

Log the user out

Logs the user out and triggers the 'Current user is signed out' event.

Update the user's credentials

This action changes the user's email and/or password. The system requires the user to type their previous password again for security reasons. When using this action, the interface should have a form for the old password and the new email/password.

Our Academy course includes how to update the user's credentials

Old password

Enter where to find the old password, which is usually 'Input old password's value.'

Change email

Check this box to allow users to change their email.

Email

Define where to find the new email, which is usually 'Input new email's value.'

Change password

Check this box to allow users to change their password.

New password

Define where to find the new password, which is usually 'Input new password's value.'

Require password confirmation

Check this box if you want users to type their password twice when modifying their credentials to make sure they do not make a mistake. If this box is selected, the form should have two different inputs.

Confirmation

Define where to find the password confirmation, which is usually 'Input new password confirmation's value.'

Do not show success message

By default, Bubble displays an alert informing the user when the action is successful. Deactivate this behavior by deselecting this box if you want to display a custom message instead of the default Bubble message.

Send an email to confirm the email

Check this box to send an email to the user confirming the new email is valid and that the user can access it. This email contains a link that once clicked will set the user's property 'email confirmed' to yes. Customize the content of this email in the Languages section in the Settings Tab. Look for 'Email confirmation subject' and 'Email confirmation body.'

Confirmation page

Enter the page where the user is taken after clicking the link in the confirmation email.

Make changes to current user

This action modifies the current user and saves this information in the application database. This is equivalent to a 'Make change to thing,' modifying the current user.

Changes

List the modifications to apply to the current user. Select the field to modify, the operation, and the new value.

Send confirmation email

This action sends an email to the currently logged-in user to confirm the email is valid and that they can access it. If an email was already confirmed, the user's property 'email confirmed' is marked as unconfirmed until the user clicks the link in the new email.

Confirmation page

Enter the page where the user is taken after clicking the link in the confirmation email.

Send password reset email

This action sends an email with a reset link to the user when the password is forgotten. The link goes to the reset_pw page that is built into the Bubble Editor and handles the reset of the password.

Email to reset

Enter the email for where to send the link to reset the password. The form should have an input for the email.

Note: The email should already exist in the database. Otherwise, there is no password to reset.

Subject

Enter the subject of the email.

Body

Enter the content of the email. The reset password link is added to the end of the email.

Just make token, don't send email

In the reset password email, there's a link that looks like https://yourdomain.com/reset_pw?reset=[LONG_ID]. The token is just the LONG_ID part of that link. Manually recreate the link at a later point in time and reset the password then. Tokens can only be used once. This feature adds flexibility. For example, maybe you want an administrator to create an account for someone else and then email them from a personal account rather than having the user receive a system-generated email. Get the LONG_ID as a result of this action in the subsequent actions of the workflow.

Reset password

This action resets the password of a user on the reset_pw page and gives a token for the URL. See 'Just make token, don't send email' above. The token expires after 24 hours.

Our Academy course includes how to build a reset_pw page

Password

Define where to find the password. The reset_pw form is built into the app. If you changed the form, however, define which input contains the password.

Confirmation

Define where to find the confirmation of the password. It should be the content of an input that is different from the initial input for the password.

Create an account for someone else

This action creates an account for someone else without logging the new user in. This is useful to create an admin page and control who is allowed to sign up. Access this user in the following actions.

Email

Enter the email of the new user, which usually comes from an input.

Password

Define the password for the new user. Hardcode a value or use an input. Note: This field is deprecated and only available in older apps.

Return the user if the account already exists

When creating a new user that already exists, e.g., the email is already in the application database, the action returns an error. Check this box, and the action will simply return the user so that you can manipulate it in subsequent actions.

Changes

Add the modifications to apply to the new user. Select the field to modify, the operation, and the new value.

Check password for the current user

This action checks a value against the 'Current user's password.' If the password is correct, the workflow continues. Otherwise, it stops and displays a message to the user. Use this to validate the password before an important operation, such as deleting an account.

Password

Define which tentative password should be checked. Usually, it comes from an input element.

Assign a temp password to a user

This action deletes the password of a user and assigns a temporary one. Text is returned by this action and can be used in upcoming workflows. When the user tries to log in using this password, they will be taken to the page defined in the 'Redirect users who haven't changed their password' option in the General section in the Settings Tab.

User

Define which user to assign the password to. It should be of type user. If the type is inconsistent, the expression will be red.

Change the email for another user

This action modifies a user's login email. It is intended to be used in administrative workflows to modify the email of a user who may or may not be actively using the app at the time. To enable a user to change their own email, use the 'Update the user's credentials' action. This is more secure because it makes them re-enter their password to confirm that they are actually authorized to perform that action. In contrast, this action is intended for situations where an admin needs to update the account of another user, whose password they don't know.

Warning: Do not include this action in workflows run by ordinary users.

User

Enter the user whose email is being changed.

New email

Enter the new email. The next time this user logs in, they must enter this email rather than their previous email.

Log out other user's sessions

This action lets you log out all sessions of the current user, except the one where the user triggers this action. This is a useful action for security, when users when to make sure no other devices have a logged-in session. If you need to log out the user from the current session as well, you can use a Log the user out action after this action.

Generate a 2FA QR code

This action lets you generate a unique QR code for a user, so that they can set up two-factor authentication with Google Authenticator or Authy. The user should confirm his/her password first.

Note: This is an advanced feature and only accessible on the Production plan.

Password

To set up two-factor authentication, users need to enter their password to confirm their identity. This property define where to find the existing password.

Validate token and activate 2FA

This action lets the user validate the unique temporary token he will get from Google Authenticator or Authy the first time to validate the flow. Once the user has been through that process, he will be marked as using two-factor authentication and will have to go through the token check step to log in to your application.

Token

This is the token the user wants to validate. It should be coming from an input on the page.

Check 2FA token

This action lets the user validate the unique temporary token he will get from Google Authenticator or Authy. If he goes through that step successfully he will be logged in to the application.

Token

This is the token the user wants to validate. It should be coming from an input on the page.

Valid_30_days

When set to yes, the user will not be required to check his token for another thirty days on the current device/browser.

Disable 2FA for the current user

This action disabled the check for a temporary token for the current user. Once a user has gone through that step, he won't have to enter a temporary code to log in.

Password

To disable two-factor authentication, users need to enter their password to confirm their identity. This property define where to find the existing password.

Token

This is the token the user wants to validate. It should be coming from an input on the page.

Generate one-time backup codes

This action lets you generate 10 unique codes that can be used by the user instead of a temporary two-factor authentication token to log in to his account. This codes can be used only once, and regenerating a list will cancel previous codes. These codes are useful when the user loses his phone, etc.

Password

To disable two-factor authentication, users need to enter their password to confirm their identity. This property define where to find the existing password.

Token

This is the token the user wants to validate. It should be coming from an input on the page.

Number_of_codes

This is the number of codes you want to generate. It defaults to 10.