Bubble and Xano Part 1: User Authentication (login) and Displaying Data Belonging to User
Рет қаралды 6,625
2 жыл бұрынUser Authentication between Xano and Bubble can be accomplished by storing the auth token in the current user's object. This can then be used to hit authenticated endpoints in Xano so you can do things like separate data that is unique to the logged-in user.
Visit Xano - The Fastest No Code Backend Dev Platform
go.xano.co/3atukBj
Twitter
/ nocodebackend
Subscribe to Xano's Channel for Weekly New Content
/ nocodebackend
@levib2162 2 жыл бұрын
This has solved many of my problems, thank you.
@AntonyHawkerr Жыл бұрын
Thanks for the tip on the auth token. Quick question to check: There are multiple pages on my site where I want the user to be able to navigate between and see only info relevant to their own account on each. Am I correct in thinking that to make this work across the area of the site accessible by members/users logging in, I can pass the user's auth token via the URL parameter on each page link in the way that is shown in the single example of passing the token on log in to the list of restaurant details?
@aiautoglasscrm 2 жыл бұрын
Like the new look
@ianhayes8680 Жыл бұрын
Michael...not sure if you already mention this, but Bubble's "Log the User Out" function clears the Current User record, including XANO's auth token, thus clearing the cookie as we are using it.
@codeHacker693 Жыл бұрын
Hello, did you find any solution for this issue?
@baloshi69 2 жыл бұрын
will after user close this windows is this token be deleted automatically, And should need to use privacy rules on this to make it Safe.
@alvanzaputra5839 Жыл бұрын
Hello, nice video i follow your tutorial and got error Raw response for the API Status code 500 {"message":"Invalid password syntax."} when initialize call, can you help. thank
@trashtalk7925 Жыл бұрын
Hey Michael, I am trying to implement authentication but my user's table is in bubble's database actually I need to involve authentication on every api call but since all the tutorials have user table in Xano, it is confusing for me to send a token(JWT maybe) from bubble on every api call lets assume I have a orders table and when a user tries to access the orders, they need to be authenticated. what token to generate on bubble and how to later use it
@nocodebackend Жыл бұрын
Hey there - you will want to have your user data in Xano in order to leverage Xano's authentication
@nicolatoledo Жыл бұрын
hi, i want to do something similar but store the third party token inside the xano user object, and then create in xano some api that will call the external server with the token, do you think is ok or there is a better way in xano to store the token? thanks
@nocodebackend Жыл бұрын
Hi Nicola - you could do that. But keep in mind, JWE tokens expire by nature so you would want to account for that in your logic
@nategell Жыл бұрын
How do we handle errors when the user inputs incorrect username and password? I'm getting a 403 error from the API call and bubble throws an alert to the browser. Is there a way in the Xano API builder to pass a 200 response with an error message?
@nategell Жыл бұрын
I figured it out by using some conditional logic in the Query Workflow
@jeffstrang643 2 жыл бұрын
Hi Team, how safe is this approach? For example, is it at risk of an XXS attack?
@nocodebackend 2 жыл бұрын
Hey Jeff! Can you shed some light on how you think this would be vulnerable to an XXS attack please?
@aneeshmohan825 5 ай бұрын
I am not creating a current user. This method is not working for me. I am unable to identify current user at all.
@nocodebackend 5 ай бұрын
Hello! Could you please ask your question in our community forum (community.xano.com/)? And include as much detail as possible, such as error messages, screenshots, or a Loom video. Let us know any blockers you're facing. We'd be happy to help!
@Ray-mf6vx Жыл бұрын
This approach is not safe and not compliant
@nocodebackend Жыл бұрын
Hi Ray - can you please elaborate specifically on why you think this is not safe to use this method for JWE tokens and what compliance measure you think this method is breaking?
@Burningsun92 Жыл бұрын
This exposes the users auth tokens on the browser and can use this to manipulate by bad actors
@nocodebackend Жыл бұрын
@@Burningsun92 The only person that would have access to a user's auth token is that specific user; this does not expose any data to those who would not have access to it already. You do have the option in Xano to build additional checks and rate limiting into your APIs if you want to further restrict access. There is also a new plugin for connecting with Xano that would be worth exploring: go.xano.co/xbc
@MoabeVettore 2 жыл бұрын
What turned me off to using the Xano platform. It is the difficulty of creating tables related to each other. For a platform that calls itself "no-code", the process is very technical and involves knowledge of programming logic.
@nocodebackend 2 жыл бұрын
Hey Moabe! Making table relationships is super easy! You just need to add the table reference field type and select the table the relationship maps to :)
@MoabeVettore 2 жыл бұрын
@@nocodebackend But if I need to send a API post with a text and lookup in a table and reference this information it's not super easy. It's quite a difficult task
@aiautoglasscrm 2 жыл бұрын
@@MoabeVettore Like with anything it just takes practice, I am a Xano user, the leadership is super responsive, and members are really helpful. Plus, they got this program called PRO group with Ray Deck, and it is amazing! Has helped me figure out how to use Xano with Google Service Account, and automate the refresh access token with goHighLevel OAuth2 API, just finishing how to handle errors so the Dialogflow CX bot acts the way it should. People who claim that no code and low code is easy just don't know. I think Xano is a little guilty of saying that it is easy that 's true once you get good at it :-) I could have done a lot of what I wanted using python much easier, but Xano provides a foundation that will allow me to quickly create the backend that can handle enterprise wide use case, whereas I believe that using traditional methods, it would not.
Victor Kuzmichev
Рет қаралды 12 М.