You can require authentication for specific actions in Bubble by adding Only when conditions that check Current User is logged in, showing a login popup for guest users, and preserving deep links so users return to their intended action after signing in. This approach lets you keep parts of your app public while gating valuable features behind login.
Overview: Requiring Authentication for Certain Actions in Bubble
Not every page or action in your app needs to be locked behind a login. This tutorial shows you how to selectively require authentication — letting visitors browse your content freely while prompting them to sign in when they try to perform actions like saving favorites, posting comments, or making purchases. You will learn to add authentication conditions, build login prompts, and preserve deep links so users land right where they left off after logging in.
Prerequisites
- A Bubble app with user authentication already set up
- Pages that are partially public (visible to visitors)
- Actions you want to restrict to logged-in users
- A login page or login popup already built
Step-by-step guide
Add authentication conditions to workflow actions
Add authentication conditions to workflow actions
Go to the Workflow tab and find the workflow for an action you want to restrict (e.g., When Button Save to Favorites is clicked). Click on the first action in the workflow. In the Only when field, add the condition Current User is logged in. This means the action will only execute when a logged-in user clicks the button. Repeat this for all actions in the workflow that require authentication. Without this condition, the action would silently fail or create records with no user attached.
Pro tip: Add the Only when condition to the entire workflow event (not just individual actions) when ALL actions in the workflow require login. This is cleaner and prevents partial execution.
Expected result: The workflow only executes when the user is logged in. Nothing happens for guest users (we will handle that next).
Show a login prompt for unauthenticated users
Show a login prompt for unauthenticated users
Create a second workflow on the same button with the opposite condition. Set the event to When Button Save to Favorites is clicked with Only when: Current User is logged out. For the action, you have two options. Option A: Show a Popup element containing your login form (add the action Show Popup Login). Option B: Navigate to your login page using Go to page login. A popup is usually better because it keeps the user on the same page. Add a clear message in the popup like Sign in to save your favorites.
Expected result: Guest users see a login prompt when they try to perform gated actions, while logged-in users proceed normally.
Preserve the intended action using URL parameters or custom states
Preserve the intended action using URL parameters or custom states
Before showing the login prompt, save what the user was trying to do. If using a popup login, set a Custom State on the page called intended_action (type text) to the action name (e.g., save_favorite) and another Custom State called target_item (type your data type) to the item the user clicked on. After successful login inside the popup, check these states and execute the original action. If redirecting to a login page, pass the return URL and action as URL parameters: Go to page login → Send parameter return_url = Current Page URL and action = save_favorite.
Pro tip: For the redirect approach, on your login page add a workflow after successful login: Go to page (Get data from page URL parameter return_url). This returns the user exactly where they were.
Expected result: After logging in, the user is returned to where they were and can immediately perform the action they originally attempted.
Set up page-level authentication for protected pages
Set up page-level authentication for protected pages
For entire pages that require login (like a dashboard or settings page), go to the Design tab and open that page. Add a Page is loaded workflow. Set the Only when condition to Current User is logged out. Add the action Go to page login with a URL parameter like return_url = Current Page URL. This redirects any unauthenticated visitor to the login page. On your login page, after successful authentication, check for the return_url parameter and redirect there.
Expected result: Protected pages automatically redirect unauthenticated visitors to the login page, which sends them back after login.
Apply conditional visibility to UI elements
Apply conditional visibility to UI elements
On the Design tab, select elements that should only be visible to logged-in users (like the Save to Favorites button or a comment input). Go to the Conditional tab on each element. Add a condition: When Current User is logged out → This element is not visible. For guest users, you can show an alternative element (e.g., a Sign in to save button) with the opposite condition: When Current User is logged in → This element is not visible. This keeps the UI clean and communicates clearly what actions are available.
Pro tip: Use Collapse when hidden on conditionally hidden elements so they do not leave empty space on the page.
Expected result: Authenticated and unauthenticated users see different UI elements appropriate to their access level.
Complete working example
1AUTH GATING WORKFLOW SUMMARY2=============================34CUSTOM STATES (on page):5 - intended_action (text)6 - target_item (your data type)78WORKFLOW 1: Authenticated User Action9 Event: Button Save Favorite is clicked10 Only when: Current User is logged in11 Action 1: Create a new Favorite12 user = Current User13 item = Current cell's Item14 Action 2: Show success message1516WORKFLOW 2: Unauthenticated User Prompt17 Event: Button Save Favorite is clicked18 Only when: Current User is logged out19 Action 1: Set state of page20 intended_action = save_favorite21 target_item = Current cell's Item22 Action 2: Show Popup Login2324WORKFLOW 3: Post-Login Action Resume25 Event: User login status changes26 Only when: Current User is logged in27 AND page's intended_action is not empty28 Action 1: Create a new Favorite29 user = Current User30 item = page's target_item31 Action 2: Set state of page32 intended_action = (empty)33 target_item = (empty)34 Action 3: Hide Popup Login3536WORKFLOW 4: Page-Level Redirect37 Event: Page is loaded38 Only when: Current User is logged out39 Action: Go to page login40 Send: return_url = Current Page URL4142WORKFLOW 5: Return After Login (on login page)43 Event: User login status changes44 Only when: Current User is logged in45 AND Get return_url from page URL is not empty46 Action: Go to page (Get return_url from page URL)4748CONDITIONAL VISIBILITY:49 Button Save Favorite:50 When Current User is logged out → not visible51 Button Sign In to Save:52 When Current User is logged in → not visible53 Both elements: Collapse when hidden = checkedCommon mistakes when requiring authentication for certain actions in Bubble.io: Step-by-Step Gui
Why it's a problem: Adding the auth check to individual actions instead of the workflow event
How to avoid: Add the authentication condition to the workflow event level when all actions require login. Use action-level conditions only when some actions should run for everyone.
Why it's a problem: Not preserving the user's intended action after login
How to avoid: Store the intended action in a Custom State or URL parameter before showing the login prompt, then execute it after successful login.
Why it's a problem: Relying only on hiding buttons for security
How to avoid: Always add server-side checks: Only when conditions on workflows AND Privacy Rules on data types. UI hiding is supplementary.
Why it's a problem: Not handling the case where a logged-in user's session expires
How to avoid: Use the User login status changes event to detect session expiration and redirect to the login page or show a re-authentication prompt.
Best practices
- Gate actions at the workflow level with Only when conditions, not just by hiding UI elements
- Always provide a clear path to login when a guest tries a restricted action
- Preserve the user's context and intended action so they can continue seamlessly after login
- Use page-level redirects for fully protected pages like dashboards and account settings
- Combine UI visibility conditions with workflow conditions for defense in depth
- Set up Privacy Rules as an additional layer — they protect data even if workflow conditions are bypassed
- Test your auth flows by opening the app in an incognito window as a guest user
Still stuck?
Copy one of these prompts to get a personalized, step-by-step explanation.
I am building a Bubble.io app where some pages are public and some actions require login. I need to show a login popup when guests try to save favorites, post comments, or make purchases, then resume their action after they log in. How should I structure the workflows and conditions?
Help me set up authentication gating in my app. I want the browse page to be public, but saving items, commenting, and purchasing should require login. Show a login popup for guests and resume their action after they sign in.
Frequently asked questions
Can I require login for some buttons on a page but not others?
Yes. Add the Only when: Current User is logged in condition to specific workflow events. Other buttons on the same page can work without any authentication check.
What is the difference between hiding a button and adding an Only when condition?
Hiding a button is a visual change only — determined users can still trigger the action. An Only when condition on the workflow prevents the action from executing server-side regardless of how it is triggered.
How do I preserve a deep link after login redirect?
Pass the current page URL as a URL parameter when redirecting to the login page. After login, read that parameter and navigate to it. Use Go to page login with Send parameter return_url = Current Page URL.
Should I use Privacy Rules in addition to workflow conditions?
Absolutely. Privacy Rules are server-side security that protects data even if a workflow condition is somehow bypassed. Always use both for defense in depth.
Can I show different content to free vs paid users?
Yes. Use the same conditional visibility approach with conditions like When Current User's plan is Free or When Current User's plan is Pro to show different elements or enable different actions.
Can RapidDev help implement complex access control?
Yes. RapidDev specializes in Bubble development and can help build sophisticated access control systems including role-based permissions, feature gating, and subscription-based access tiers.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation