Log-in via a third party service (e.g. Google, Facebook, ...)

You may see on other websites the ability for a user to create an account or log in via Google, Facebook, Twitter, etc. This is generally known as a version of OAuth, and the third party being used as the source of information about an account is the "OAuth provider". This is a quick overview of how this concept generally works, to accompany the Reference material about this feature.

What is OAuth

In this case, OAuth, put simply, is the feature of leveraging another "app" as a source of information about a user's identity. Instead of your Bubble app containing information about a user's username and password, instead you can "outsource" the logging in to the third party. Popular third parties to use here include Google, Facebook, Twitter, Instagram, and more.

Users generally like this feature because it means they don't need to create another password to remember for your Bubble app. Generally OAuth simplifies things for developers as well, and in Bubble this is no exception.

How OAuth works in Bubble

To activate an OAuth provider in Bubble, you must find and install the Plugin corresponding to that OAuth source. In the Plugin gallery, you can filter for "Login Service" to see these options.

Once installed, when using the workflow action "Signup/login with a social network", you should see the OAuth source you just installed in the "OAuth provider" dropdown. A common design is to connect this workflow action to a button on your login page that says "Signup / Login with Google" or whoever the OAuth provider is.

When a user of your app creates an account with an OAuth provider, a new User thing is created in your app's database. Using any OAuth provider will pull in that user's email address, so that is still the definitive way to identify and work with Users in your app.

A special caveat about these Users is that they are created without a password. Users can still set their own password by activating any flow that resets their password (e.g. "Forgot your password?") - the first time a user "resets" their password and follows the instructions, it actually creates a password for that User thing.

It is also possible, though a bit more complex, to do things like associating an OAuth login with an already-existing Bubble User, adding multiple OAuths to a given User, etc. - for help with these more advanced use cases, please refer to the forum.

What else needs to be done

When you want to use a 3rd party service as an OAuth provider, you generally have to alert them that you will be doing so. This usually involves registering your Bubble app with the OAuth provider in order to obtain an API key(s). These key(s) are generally inputted into the corresponding plugin's setting. The provider's documentation should lay out steps for how to register your app and obtain the right keys.

Note also that some providers require you to provide URLs that you authorize to initiate the OAuth flow, which helps improve the security of the entire login flow. Be careful to register both the development and live versions of your app, if relevant.

results matching ""

    No results matching ""