Bubble Docs
  • Introduction
  • New? Start Here
  • What is Bubble?
  • The Glossary
  • User manual
    • Getting started
      • What is Bubble?
      • Building your first app
        • Planning features
        • Database structure
        • Design and UX
        • eCommerce and payments
          • Shopping cart
          • Checkout page
          • One-time payments
          • Subscriptions
          • Marketplace
      • Creating and managing apps
      • The Bubble editor
        • Tabs and sections
          • Design tab
            • The element tree
            • The property editor
          • Workflow tab
          • Data tab
          • Styles tab
          • Plugins tab
          • Settings tab
            • Application settings
              • Custom headers/body
              • Visual settings
              • Social media sharing
              • Translating your app
              • Email settings
              • Collaboration
            • Custom domain and DNS
          • Logs tab
        • Tools
          • Key features
          • The search tool
          • The Issue Checker
          • The element tree
          • The element property editor
          • The debugger
          • Notes
        • Previewing your app
      • Transitioning to Bubble from...
        • JavaScript
        • HTML and CSS
        • SQL
    • Design
      • Elements
        • The element hierarchy
          • The element tree
        • The page
        • Containers
          • Groups
          • Repeating groups
          • Table elements
          • Popups
          • Floating groups
          • Group focus
        • Visual elements
        • Input forms
          • Text and numbers
          • Dates and time
          • File uploads
          • Selection controls
        • Reusable Elements
      • Styling
        • Color variables
        • Font variables
        • Styles
        • Custom Fonts
      • Responsive design
        • Building responsive pages
        • Legacy articles
          • The Basics (Legacy)
          • Building Responsive Pages (Legacy)
          • Migrating Legacy Pages
          • Tips When Designing (Legacy)
      • Templates
      • The Component Library
      • Importing from Figma
    • Data
      • The database
        • Data types and fields
        • Creating, saving and deleting data
        • Finding data
        • Displaying data
        • Protecting data with privacy rules
        • The database editor
        • Export/import data
          • Exporting data
          • Importing data (CSV)
        • Working with location data
        • Using Algolia
        • Database structure by app type
          • Marketplace Apps
          • Directory & Listings Apps
          • Social Network Apps
          • SaaS Apps
          • Project Management Apps
          • CRM Apps
          • Professional Services Apps
          • On-demand Apps
          • Documentation/ CMS Apps
          • Applicant Tracking System (ATS) Apps
          • Portfolio Apps
          • Gallery Apps
          • Online Store / Ecommerce Apps
          • Blog Apps
          • Messaging App
          • Dashboards
          • Building Block Apps
          • Bubble as a backend
      • Files
      • Images
      • Static data
        • App texts (translations)
        • Option sets
      • Temporary data
        • Custom states
        • URL parameters
      • User accounts
        • Authentication plugins
          • Facebook plugin
          • Fitbit plugin
          • Google plugin
          • Instagram plugin
          • LinkedIn plugin
          • Pinterest plugin
          • Slack plugin
          • Wistia plugin
          • YouTube plugin
        • Cookies set by Bubble
      • Time, dates and time zones
    • Logic
      • The frontend and backend
      • Workflows
        • Events
          • Frontend events
            • Recurring workflows
            • Custom events
          • Backend events
            • Database trigger events
        • Actions
        • API Workflows
      • Dynamic expressions
      • Conditions
      • Navigation
        • Single-page applications (SPA)
        • Multi-page applications
        • Page slugs
    • Workload
      • Understanding workload
        • Activity types
        • The workload calculation
        • Client-side and server-side processing
      • Tracking workload
        • Measuring
          • Using App Metrics
        • Monitoring
          • Workload notifications
          • Infinite recursion protection
      • Optimizing workload
        • Optimization framework
        • Optimization checklist
          • Page load
          • Searches
          • Workflows and actions
          • Backend workflows
        • Agency showcases
          • Minimum Studio
          • Neam
          • Support Dept
    • Security
      • Bubble's security features
      • Planning app security
      • Client-side and server-side
      • Bubble account security
      • App security
      • Page security
      • Database security
      • API security
        • API Connector security
        • Data API security
        • Workflow API security
      • Flusk
        • Overview
        • Flusk plan features
        • Getting started with Flusk
        • Flusk security tools
          • The Issues Explorer
          • Issue details
          • Tools and settings
            • Pages rating
            • Database rating
        • Flusk FAQ
      • Cookies
      • Security checklist
    • Publishing your app
      • Web app
      • Native mobile app
        • Global native mobile settings
        • iOS App Store
        • Google Play Store
        • Publishing FAQ
    • AI
      • Generate apps with AI
        • About AI app generation
      • AI page designer
      • Connect to AI agents
    • Maintenance
      • Collaborators
      • Version control
        • Best practices: Version control
        • Transitioning from the legacy version control
        • Terminology: Version control
        • Version Control (legacy)
      • Commenting
      • Database maintenance
        • Copying the database
        • Restoring database backups
        • Bulk operations
          • Bulk operation methods compared
        • Wiping change history
      • Performance
        • Hard limits
        • Capacity Usage (legacy)
        • Notes on queries
      • SEO
        • Introduction to SEO
        • SEO: App
        • SEO: Page
      • Testing and debugging
        • Introduction to testing and debugging
        • The debugger
        • The server logs
        • Supported browsers
      • API workflow scheduler
    • Integrations
      • API
        • Introduction to APIs
          • What is a RESTful API?
        • The Bubble API
          • Bubble API terminology
          • Authentication
            • How to authenticate
            • No authentication
            • As a User
            • As an admin
          • The Data API
            • Data API Privacy Rules
            • Data API endpoints
            • Data API requests
          • The Workflow API
            • Workflow API privacy rules
            • Workflow API endpoints
            • API workflows
              • Creating API workflows
              • Scheduling API workflows
              • Recursive API workflows
              • API Workflow Scheduler
              • Case: Stripe notifications
        • The API Connector
          • Authentication
          • API Connector security
          • API guides
            • OpenAI
              • Authentication
              • Calls
                • ChatGPT
                  • Chat
            • Google Translate
              • How to setup Google API keys
          • Streaming API
        • API security
        • Plugins that connect to APIs
        • API Glossary
      • Plugins
        • What Plugins Can Do
        • Installing and using Plugins
        • Authentication plugins
        • Special Plugins
      • SQL Database Connector
      • Bubble App Connector
      • WorkOS
        • WorkOS SSO
        • WorkOS API
    • Infrastructure
      • Sub-apps
      • Bubble release tiers
      • Hosting and scaling
        • How Bubble hosting works
        • Scaling with Bubble
        • CDN (Cloudflare)
        • Bubble app names
        • Domain and DNS
      • Compliance
        • GDPR
        • SOC 2 Type II
        • HIPAA
        • Other frameworks and standards
    • Bubble for Enterprise
      • Hosting and infrastructure
        • Dedicated instance
          • The Dedicated editor experience
          • Technical specs
          • Main cluster dependencies
          • Customizable options
          • Migration process
            • Pre-migration
            • During migration
            • Post-migration
      • Security and compliance
        • Single sign-on (SSO)
        • GDPR
        • SOC 2 Type II
        • HIPAA
        • Other frameworks
        • Bubble's security features
      • Admin and collaboration
      • Priority support
      • Billing and Payment Guideline for Dedicated Instances
  • Core Reference
    • Using the core reference
    • Bubble's Interface
      • Design tab
      • Design tab (Legacy)
      • Workflow tab
      • Data tab
      • Styles tab
      • Styles tab (Legacy)
      • Plugins tab
      • Settings tab
      • Logs tab
      • Template tab
      • Toolbar
      • Top and context menu options
      • Deployment and version control
        • Deployment & Version Control Dropdown (legacy)
      • Notes
    • Elements
      • General properties
      • General properties (Legacy)
      • Styling properties
      • Styling Properties (Legacy)
      • Responsive Properties
      • Responsive Properties (Legacy)
      • Conditional formatting
      • States
      • Page Element
        • Page Element (Legacy)
      • Visual Elements
      • Containers
      • Container Layout Types
      • Containers (Legacy)
      • Input Forms
      • Reusable Elements
      • Element Templates (legacy)
    • Workflows
    • Events
      • General events
      • Element events
      • Custom events
      • Recurring event
      • Database trigger event
    • Actions
      • Account
      • Navigation
      • Data (things)
      • Email
      • Element
      • Custom
    • Data
      • Data Sources
      • Operators and comparisons
      • Search
      • Privacy
    • Styles
    • API
      • The Bubble API
        • The Data API
          • Authentication
          • Data API endpoints
          • Data API requests
        • The Workflow API
      • The API Connector
        • Authentication
        • Adding calls
    • Bubble-made Plugins
      • AddtoAny Share Buttons
      • Airtable
      • API Connector
      • Blockspring
      • Box
      • Braintree
      • Bubble App Connector
      • Chart.js
      • Circle Music Player
      • Draggable Elements
      • Dropzone
      • Facebook
      • Fitbit
      • Full Calendar
      • Google
      • Google Analytics
      • Google Optimize
      • Google Places
      • Ionic Elements
      • iTunes
      • Slidebar Menu
      • LinkedIn
      • Localize Translation
      • Mixpanel
      • Mouse & Keyboard Interactions
      • Multiselect Dropdown
      • Progress Bar
      • Rich Text Editor
      • Rich Text Editor (Legacy)
      • Screenshotlayer
      • SelectPDF
      • Slack
      • Segment
      • Slick Slideshow
      • SQL Database Connector
      • Star Rating
      • Stripe
      • Tinder-like Element
      • Twitter
      • YouTube
      • Zapier
    • Application Settings
      • App plan
      • General
      • Domain / email
      • Languages
      • SEO / metatags
      • API
      • Collaboration
      • Sub-apps
      • Versions
  • Account & Marketplace
    • Account and billing
      • Pricing and plans
        • Plans and billing
        • Billing cycle
        • FAQ: Pricing and Workload
      • Account Management
      • Building Apps for Others
      • Selling on the Marketplace
      • Plans & Billing (legacy)
    • Official Bubble Certification
      • Hiring certified developers
    • Building Plugins
      • The Plugin Editor
      • General Settings
      • Updating to Plugin API v4
      • Adding API Connections
      • Building Elements
      • Building Actions
      • Loading Data
      • Publishing and versioning
      • Github Integration
    • Building Templates
    • Application and data ownership
    • Marketplace policies
    • Bug reports
  • Vulnerability Disclosure Policy
  • Beta features
    • About the Beta features section
    • Native mobile apps 🔒
      • Introduction
        • What is a native mobile app?
        • Native mobile vs. web development
        • Differences in native and web elements
        • Native mobile app terminology
      • Building
        • Views and navigation
        • Native mobile actions
        • Components and gestures
        • Device resources
          • Location services
          • Camera/photo library
      • Previewing
      • Publishing
Powered by GitBook
On this page
  • Auth: The basics
  • What is OAuth?
  • How does OAuth work?
  • Why is OAuth useful?
  • How does OAuth look to the end-user?
  • Actions, elements and data sources
  • Actions
  • Data sources
  • Elements
  • Official Bubble OAuth plugins
  • External documentation
  • FAQ: Third-party authentication plugins
  • Other ways to learn

Was this helpful?

  1. User manual
  2. Data
  3. User accounts

Authentication plugins

OAuth plugins allow you log users in using a third-party platform such as Google, Facebook, LinkedIn, X (formerly Twitter), Instagram and others.

This article series covers how to set up the official plugins developed by Bubble or the third party offering the external service.

This article series covers the Bubble-made/provider-made OAuth plugins. There may be other plugins available in the plugin stores the offer different features on the same OAuth providers, or additional OAuth providers. For documentation and the latest updates on these plugins, please reach out to the plugin creators.

Throughout this article, we will refer to you as the Bubble developer as the user, and the users of your app as end-users.

Auth: The basics

Imagine you're at a party and someone you trust (like a friend) vouches for someone new, saying they're cool. You're more likely to trust this new person because your friend says they're okay. That's kind of like what OAuth does, but in the digital world.

What is OAuth?

OAuth stands for "Open Authorization", and is a standard for delegating access to apps and systems. In simpler terms, it lets an end-user give an app permission to access their information on another app without giving away the password to that app.

In this context, it means that the user can use that third-party platform to sign up and log in to your Bubble app. It sometimes means that your app can fetch information about that end-user, such as their email, name, social media posts and profile picture too, removing the need for a manual form. In some cases, the user can choose what information to reveal.

How does OAuth work?

  1. Requesting Permission: When an end-user uses your app, and needs to access information from another service (like Google, Facebook, etc.), the web app will redirect the end-user to a form hosted by that app/system, and ask for permission. This is like asking, "Hey, can I check your info on Google?"

  2. Approval and Tokens: If the end-user says "Yes," Google (in this case) gives your app a special code, called an access . Think of this token like a temporary VIP pass; it lets the web app access only what the end-user agreed to share and nothing more.

  3. Access and Security: The web app uses this token to get the information it needs. Your app never knows the end-user's password for Google, giving the user a secure way to sign up/log in.

Why is OAuth useful?

  1. Security: It keeps passwords safe. The end-users password with the OAuth provider is never revealed to your Bubble app.

  2. Control: End-users can control what information they share and can revoke access at any time.

  3. Convenience: It's easier for end-users. They don’t need to create new accounts for every web app they use.

How does OAuth look to the end-user?

Most of your end-users are not aware of what OAuth is and how it works, and in most cases, they don't have it, as long as it provides an easy-to-use and secure way to sign up and log in.

Here's how the process typically unfolds:

  1. Choosing to connect: The end-user arrives at your app and sees an option to log in or sign up using services like Google or Facebook.

  2. Clicking to proceed: They select this option, often presented as a button labeled "Sign in with Google" or similar.

  3. Reviewing permissions: A pop-up window appears, asking the end-user to confirm if they are comfortable sharing certain information with your app, such as their email address.

  4. Consenting to share: If the end-user agrees, they click "Allow" or a similar confirmation button.

  5. Access granted: Your app now accesses the necessary information, and the end-user is directed to their account, ready to use your app's features.

  6. Managing access: The end-user can always manage what information they've shared with various apps, including yours, through their account settings on the service they used to log in.

Actions, elements and data sources

Actions

Signing up/logging in using a third-party OAuth app can add new to your app, relevant to the app the end-user is using to authenticate. For example, the Slack plugin allows you to post bot messages in a given Slack channel.

Data sources

Some OAuth providers provide new that can provide basic or extensive data about the end-user on that platform, such as:

  • The end-user's full name and/or nickname

  • Profile picture

  • Social media posts

Elements

Some plugins also add new elements to the Bubble editor. For example, the Facebook plugin offers an element to show a number of likes for a given Facebook page.

Official Bubble OAuth plugins

We have individual articles on each of the official OAuth plugins created by Bubble or the third-party provider:

Note that this is not an extensive list of all Bubble-made plugins, but only the ones that offer authentication.

External documentation

Throughout this article series, we often point to external documentation. This approach is taken to guarantee that the information provided is both current and accurate. For instance, the method for generating and retrieving an API token or key can vary based on the specific service you're linking to. In these cases, the documentation from the respective third-party service is the definitive and up-to-date source for such procedures.

Please note that Bubble is not responsible for the content found in these third-party links.

FAQ: Third-party authentication plugins

Is OAuth secure?

Yes, OAuth is considered highly secure, equal to using a username and password. All communication with the third-party is encrypted and routed through Bubble's server.

Can I offer more than one authentication service?

Yes, you can offer as many as you like, but the end-user's selected choice is permanent. If the end-user wants to connect to a different provider after signing up, they will need to create a new account.

Can I combine an OAuth account with a traditional email/password account?

Users in Bubble can use traditional logins and social logins at the same time. There are a few cases here:

  • Signing up when logged in: When a user already logged in with their email and password chooses to link their account with an OAuth provider, their existing account gets updated with the new authentication credentials. This means no new user account is created. After completing this linking process, the user has the flexibility to log in either with their email and password or through the OAuth flow.

  • Email already exists: However, if a user tries to sign up by linking an account with OAuth and another user in the database already has the same email as the one provided by the external service, the process won't succeed. Instead, the user will receive a notification about the issue.

  • Signing up without being logged in (existing account): On the other hand, if a user isn't logged in and goes through the OAuth flow, the system will create a new user account. But, if there's an existing user in the app's database with the same email as the one registered with the external service (like Facebook), this action will also fail, and the user will be informed.

  • Adding password to existing OAuth account: For users who initially signed up using an external service and want to add a password to their account, they can do so by initiating a 'reset the user's password' action. This step adds email and password credentials to their account, which previously only used OAuth for authentication.

Other ways to learn

Articles

Introduction to how user accounts work in Bubble:

The authentication plugins are an easier way to connect to API services. To learn more about what APIs are and how to set up your own connections, see the article series below:

Videos

Last updated 1 year ago

Was this helpful?

Article series:

Facebook
Fitbit
Google
Instagram
LinkedIn
Pinterest
Slack
Wistia
YouTube
User accounts
APIs
User authentication (Bubble Introduction Series [6/10])