FairCo v2

Current path: /demo

Demo: Bubble → Svelte Auth Handoff

Step 1: Get a temporary token

Run the following command in your terminal to simulate Bubble requesting a handoff token (ensure you use the correct host):

curl -X POST https://fairco.devo.live/api/bubble-login \
-H "Content-Type: application/json" \
-d '{
  "bubble_user_id":"123",
  "email":"test@example.com",
  "secret":"my-dev-secret"
}'

Step 2: Complete the handoff

Copy the token from the response and open the following URL in your browser:

https://fairco.devo.live/auth/bubble?token=<returned-token>

You can also specify a custom redirect destination:

https://fairco.devo.live/auth/bubble?token=<returned-token>&redirect=/recipes

Flow Explanation

  1. Bubble calls SvelteKit POST /api/bubble-login with a shared secret.
  2. SvelteKit validates the secret and stores a temporary UUID token in memory.
  3. Bubble redirects the user's browser to SvelteKit GET /auth/bubble?token=....
  4. SvelteKit verifies the token, deletes it (single-use), and sets an httpOnly cookie.
  5. SvelteKit redirects the user to the protected /dashboard.