Authentication

This page explains concerns about how users are authenticated in Bubi.

Bubi use OAUTH2 and the authentication workflow is explained in great detail in the "How it works" page.This means that user credentials (email and password) are never sent to the partner's website. So all functionality that requires user to enter a password (authentication, registration and change password) is handled by the domain https://auth.bubiapp.de. This has the following benefits:

  • Reduce the surface of attack my making only one site handle the authentication.

  • Increased customer data security by not sharing their password or any data related to other partners with partners.

  • Better user experience since there is one Bubi password used by all partners, so a password manager can use the correct password when browsing different customer sites with different domains since the authentication is handled only by a single domain.

PreviousConcerns about widgetsNextHash paths

Last updated

Was this helpful?