The L2L Login Plugin is one of the components of the L2L Studio project. The primary purpose of this plugin is to allow you to use L2L as an SSO provider for your L2L Studio app. This allows you to maintain a high level of security around your data.
This guide will explain how to add the L2L Login plugin to any Bubble app.
Configuring the L2L Login Plugin on an Existing Project
- Add the L2L Login plugin to your App
- Enable the Workflow API In the Bubble Editor. Go to Settings → API and click the checkbox next to “Enable Workflow API and backend workflows.” Note the Workflow API root URL, as it will be used later.
- Add two additional parameters to the User data type. Go to the Data tab, and click on the “User” data type. Add the following fields with the indicated types:
- AuthExpires → date
- LoginError → text
- NameID → text
- Add a new data type to hold variables used for the login configuration. Go to the Data tab, and create a new data type called “LoginConfig.” Under the new LoginConfig data type, add the following new fields, all with the type “text”:
- BubbleAppCertificate
- BubbleAppPrivateKey
- BubbleAppURL
- CallbackURL
- DispatchCertificate
- DispatchServer
- Create a new Page in the event of a login error.
- Call the new page “login_error”
- Create a text element with the following dynamic content:
Current User’s LoginError
- Create a new API workflow to handle the authentication callback from the L2L Dispatch server.
- In the Bubble editor go to the page chooser, and choose “Backend workflows.”
- Click on the dotted box to create a new backend workflow, and choose “New API workflow…” and enter the following in the dialog box:
- API workflow name: LoginComplete
- Expose as a public API workflow: checked
- This workflow can be run without authentication: checked
- Ignore privacy rules when running the workflow: not checked
- Trigger workflow with: POST
- Parameter definition: Manual definition
- Add a new parameter:
- Key: SAMLResponse
- Type: text
- Is a list/array: not checked
- Optional: not checked
- Querystring: not checked
- Add a new parameter:
- Key: sessionid
- Type: text
- Is a list/array: not checked
- Optional: checked
- Querystring: checked
- Response Type: Page redirect (302)
- Redirection on success: index
- Redirection on error: login_error
- Add a new action by clicking on the dotted box with text “Click here to add an action…” and choose Action → Plugins → validate_response. Enter the following into the dialog box:
- Response:
SAMLResponse
- Dispatch Certificate:
Search for LoginConfigs:first item’s DispatchCertificate
- Bubble App URL
Search for LoginConfigs:first item’s BubbleAppURL
- Server
Search for LoginConfigs:first item’s Server
- Response:
- Add another new action and choose Account → Make changes to current user.
- In the dialog box, click “Change another field” and enter the following:
AuthExpires = Current date/time +(hours): 12
- This can be customized to the desired duration of users’ sessions.
- Click “Change another field” again and enter the following:
NameID = Result of step 1 (validate_response)’s Name ID
- Enter the following in the “Only when” section:
Result of step 1 (validate_response)’s Is Authenticated is “yes”
- In the dialog box, click “Change another field” and enter the following:
- Add one more new action and choose Account → Make changes to current user.
- In the dialog box, click “Change another field” and enter the following:
LoginError = Result of step 1 (validate_response)’s Error
- Enter the following in the “Only when” section:
Result of step 1 (validate_response)’s Error is not empty
- In the dialog box, click “Change another field” and enter the following:
- Add a new reusable workflow that will be used to force users to log on.
- From the Page chooser, click “Add a new reusable element…” and call the new reusable element: L2L Login
- Click the Workflow tab
- Add a new event by clicking the dotted box called “Click here to add an event…” and click Custom → Create a custom event…
- Enter the following in the Dialog:
- Event Name: L2L Login
- Only when:
Current User’s AuthExpires is empty or CurrentUser’s AuthExpires < Current date/time
- Add a new action by clicking the dotted box called “Click here to add an action…”
- Select Plugins → get_l2l_login_url
- In the dialog, enter the following:
- Dispatch Server:
Search for LoginConfigs:first item’s Server
- Bubble App Private Key:
Search for LoginConfigs: first item’s BubbleAppPrivateKey
- Bubble App Certificate:
Search for LoginConfigs: first item’s BubbleAppCertificate
- Bubble App URL:
Search for LoginConfigs:first item’s BubbleAppURL
- Callback URL:
Search for LoginConfigs:first item’s CallbackURL
- Dispatch Server:
- Add a new action by clicking “Click here to add action…”
- Select Navigation → Open an external website
- In the dialog, enter the following:
- Destination:
Result of step 1 (get_l2l_login_url)’s login_url
- Destination:
- Set the height of the reusable element to 0 so it can be added to each page
- Go go the Design tab
- Select the white box
- In the dialog, select the Layout tab
- Set the height to: 0
- Add the L2L Login workflow to every page where authentication is required. This guide will show you how to add it to the index page.
- Select “index” in the Page chooser and select the Design tab
- Drag the L2L Login from the Reusable Elements section to the top of the page.
- Click on the Workflow tab
- Create a new event by clicking the box called “Click here to add an event…” and choose General → Page is loaded
- Add a new action by clicking the box called “Click here to add an action…”
- Choose Custom Events → Trigger a custom event from a reusable element
- In the dialog box, enter the following:
- Reusable element: L2L Login A (or whatever your new element is called)
- Custom event: L2L Login
Configure the App
- Add a link to the Studio App in L2L Dispatch
- We recommend adding a link in a sandbox site to the development version, and a link to the Live Bubble app in your production sites. For the development version, be sure to append
/version-test/
to the end of the Bubble URL. For the Live version, be sure to leave it off.
- We recommend adding a link in a sandbox site to the development version, and a link to the Live Bubble app in your production sites. For the development version, be sure to append
- Create a new self-signed certificate and key that will be used to validate the Bubble app with the L2L Dispatch server. These will be used in step 3.
- Download the L2L Certificate.
- Enter new app data in Bubble. While building the app, be sure to select the Development database. When deploying to live, be sure to select the Live database.
- Go to the Data → App data tab, select “All LoginConfigs,” then click the “New entry” button.
- BubbleAppCertificate → Copy/paste the entire contents of the certificate.pem file generated in step 2.
- BubbleAppPrivateKey → Copy/paste the entire contents of the key.pem file generated in step 2.
- BubbleAppURL → This is the URL of the bubble app. This can be found in the Bubble Editor under Settings → Domain / email if you have a custom domain. If you do not have a custom domain, this can be found by by clicking the “run” button on the Bubble App list screen. Trim off everything but the full domain. It will look like this:
l2l-login-template.bubbleapps.io
- CallbackURL → Once authenticated, L2L will send the browser back to this URL. You will need to construct this URL. Start by copying the URL found in the Settings → API screen called “Workflow API root URL.” Now append “/LoginComplete” to the end. It should look like this:
https://l2l-login-template.bubbleapps.io/version-test/api/1.1/wf/LoginComplete
- DispatchCertificate → This is the certificate of the L2L Dispatch server. This was downloaded in step 3.
- DispatchServer → This is the Customer’s L2L Dispatch server. Be sure to include “https://.” It should like this:
https://acme.leading2lean.com
Publish the App
Now that the L2L Plugin has been added, data and workflows have been defined, and the app has been configured, you can publish the app. Some Bubble features are disabled prior to publishing, so a subscription must be added in order to fully test the L2L Login plugin.
Once the app has been tested, you will need to configure the app for the Live site. Simply follow the steps in the "Configure the App" section for your Live database.
Comments
0 comments
Please sign in to leave a comment.