The L2L Login Plugin is one of the components of the L2L Studio project. The primary purpose of this plugin is to allow you to use L2L as an SSO provider for your L2L Studio app. This allows you to maintain a high level of security around your data.
This guide will explain how to add the L2L Login plugin to any Bubble app.
Configuring the L2L Login Plugin on an Existing Project
- Add the L2L Login plugin to your App
- Enable the Workflow API In the Bubble Editor. Go to Settings → API and click the checkbox next to “Enable Workflow API and backend workflows.” Note the Workflow API root URL, as it will be used later.
- Add an additional parameter to the User data type. Go to the Data tab, and click on the “User” data type. Add the following field with the indicated type:
- LoginError → text
- Add a new data type to hold variables used for the login configuration. Go to the Data tab, and create a new data type called “LoginConfig.” Under the new LoginConfig data type, add the following new fields with the indicated data type:
- AuthExpiresMinutes → number
- BubbleAppCertificate → text
- BubbleAppPrivateKey → text
- BubbleAppURL → text
- CallbackURL → text
- DispatchCertificate → text
- DispatchServer → text
- Add a new data type to hold User Sessions. Go to the Data tab, and create a new data type called "UserSession." Add the following fields:
- AuthExpires → date
- NameId → text
- UserUniqueId → text
- Create a new Page in the event of a login error.
- Call the new page “login_error”
- Create a text element with the following dynamic content:
Current User’s LoginError
- Create a new API workflow to handle the authentication callback from the L2L Dispatch server.
- In the Bubble editor go to the page chooser, and choose “Backend workflows.”
- Click on the dotted box to create a new backend workflow, and choose “New API workflow…” and enter the following in the dialog box:
- API workflow name: login_complete
- Expose as a public API workflow: checked
- This workflow can be run without authentication: checked
- Ignore privacy rules when running the workflow: not checked
- Trigger workflow with: POST
- Parameter definition: Manual definition
- Add a new parameter:
- Key: SAMLResponse
- Type: text
- Is a list/array: not checked
- Optional: not checked
- Querystring: not checked
- Add a new parameter:
- Key: sessionid
- Type: text
- Is a list/array: not checked
- Optional: checked
- Querystring: checked
- Add a new parameter:
- Key: user_unique_id
- Type: text
- Querystring: checked
- Response Type: Page redirect (302)
- Redirection on success: index
- Redirection on error: login_error
- Add a new action by clicking on the dotted box with text “Click here to add an action…” and choose Action → Plugins → validate_response. Enter the following into the dialog box:
- Response:
SAMLResponse
- Dispatch Certificate:
Search for LoginConfigs:first item’s DispatchCertificate
- Bubble App URL
Search for LoginConfigs:first item’s BubbleAppURL
- Server
Search for LoginConfigs:first item’s DispatchServer
- Response:
- Add another new action and choose Data (Things) → Create a new thing...
- In the dialog box, choose
UserSession
for the Type - Click "Set another field" for each of the following:
AuthExpires = Current date/time +(minutes): Search for LoginConfigs:first item's AuthExpiresMinutes
NameId = Result of step 1 (validate_response)’s Name ID
UserUniqueId = user_unique_id
- Enter the following in the “Only when” section:
Result of step 1 (validate_response)’s Is Authenticated is “yes”
- In the dialog box, choose
- Add one more new action and choose Account → Make changes to current user.
- In the dialog box, click “Change another field” and enter the following:
LoginError = Result of step 1 (validate_response)’s Error
- In the dialog box, click “Change another field” and enter the following:
- Add a new reusable workflow that will be used to force users to log on.
- From the Page chooser, click “Add a new reusable element…” and call the new reusable element: L2L Login
- Click the Workflow tab
- Add a new event by clicking the dotted box called “Click here to add an event…” and click Custom → Create a custom event…
- Enter the following in the Dialog:
- Event Name: L2L Login
- Only when:
Search for UserSessions
- In the Search for UserSessions box, enter the following:
- Type:
UserSession
- Add the following constraints:
UserUniqueId = CurrentUser's unique id
AuthExpires > Current date/time
- Type:
- Update the Only when section in the L2L Login box so it reads:
Search for UserSessions:count is 0
- Add a new action by clicking the dotted box called “Click here to add an action…”
- Select Plugins → get_l2l_login_url
- In the dialog, enter the following:
- Dispatch Server:
Search for LoginConfigs:first item’s DispatchServer
- Bubble App Private Key:
Search for LoginConfigs: first item’s BubbleAppPrivateKey
- Bubble App Certificate:
Search for LoginConfigs: first item’s BubbleAppCertificate
- Bubble App URL:
Search for LoginConfigs:first item’s BubbleAppURL
- Callback URL*:
Search for LoginConfigs:first item’s CallbackURL
- *For version 2.0.0 and prior, Use the following expression for the Callback URL:
Search for LoginConfigs:first item’s CallbackURL
Arbitrary Text
CurrentUser's unique id
and enter the following text for the Arbitrary Text entry:?user_unique_id=
- *For version 2.0.0 and prior, Use the following expression for the Callback URL:
- User Unique ID:
CurrentUser's unique id
- Dispatch Server:
- Add a new action by clicking “Click here to add action…”
- Select Navigation → Open an external website
- In the dialog, enter the following:
- Destination:
Result of step 1 (get_l2l_login_url)’s login_url
- Destination:
- Set the height of the reusable element to 0 so it can be added to each page
- Go go the Design tab
- Select the white box
- In the dialog, select the Appearance tab
- Set the height to: 0
- Add the L2L Login workflow to every page where authentication is required. This guide will show you how to add it to the index page.
- Select “index” in the Page chooser and select the Design tab
- Drag the L2L Login from the Reusable Elements section to the top of the page.
- Click on the Workflow tab
- Create a new event by clicking the box called “Click here to add an event…” and choose General → Page is loaded
- Add a new action by clicking the box called “Click here to add an action…”
- Choose Custom Events → Trigger a custom event from a reusable element
- In the dialog box, enter the following:
- Reusable element: L2L Login A (or whatever your new element is called)
- Custom event: L2L Login
Configure the App
- Add a link to the Studio App in L2L Dispatch
- We recommend adding a link in a sandbox site to the development version, and a link to the Live Bubble app in your production sites. For the development version, be sure to append
/version-test/
to the end of the Bubble URL. For the Live version, be sure to leave it off.
- We recommend adding a link in a sandbox site to the development version, and a link to the Live Bubble app in your production sites. For the development version, be sure to append
- Create a new self-signed certificate and key that will be used to validate the Bubble app with the L2L Dispatch server. These will be used in step 3.
- Download the L2L Certificate.
- Enter new app data in Bubble. While building the app, be sure to select the Development database. When deploying to live, be sure to select the Live database.
- Go to the Data → App data tab, select “All LoginConfigs,” then click the “New entry” button.
- Enter the following in the new form:
- AuthExpiresMinutes → 720
- 720 minutes is 12 hours. You may choose to customize this field to whatever makes sense for your app.
- BubbleAppCertificate → Copy/paste the entire contents of the certificate.pem file generated in step 2.
- BubbleAppPrivateKey → Copy/paste the entire contents of the key.pem file generated in step 2.
- BubbleAppURL → This is the URL of the bubble app. This can be found in the Bubble Editor under Settings → Domain / email if you have a custom domain. If you do not have a custom domain, this can be found by by clicking the “run” button on the Bubble App list screen. Trim off everything but the full domain. It will look like this:
acme-app.bubbleapps.io
- It will be the same in both your Development and Live Bubble databases. Do not append /version-test.
- CallbackURL → Once authenticated, L2L will send the browser back to this URL. You will need to construct this URL. Start by copying the URL found in the Settings → API screen called “Workflow API root URL.” Now append “/login_complete” to the end. It should look like this:
https://acme-app.bubbleapps.io/version-test/api/1.1/wf/login_complete
- DispatchCertificate → This is the certificate of the L2L Dispatch server. This was downloaded in step 3.
- DispatchServer → This is the Customer’s L2L Dispatch server. Be sure to include “https://.” It should like this:
https://acme.leading2lean.com
- AuthExpiresMinutes → 720
Publish the App
Now that the L2L Plugin has been added, data and workflows have been defined, and the app has been configured, you can publish the app. Some Bubble features are disabled prior to publishing, so a subscription must be added in order to fully test the L2L Login plugin.
Once the app has been tested, you will need to configure the app for the Live site. Simply follow the steps in the "Configure the App" section for your Live database.
Troubleshooting
If you are getting errors on the Bubble app or on the L2L server, check the following:
- Check each of the Login Configs that they don't have extra spaces or new lines.
- Make sure your Login Config's Bubble App URL matches the URL of the L2L Studio App Config.