I am using Thunkable to create a stress-reducing APP for a research project. I remixed the survey tool allowing users to enter their daily stress level from 0 to 10 and type in their daily stress triggers.
I cannot add any personal identifiable information to my sign-in screen to protect users’ privacy. My University won’t approve my project if users’ emails are used (too much liability), but my users must be able to create their own separate accounts and I must be able to view their daily stress tracking.
How do I create a sign-in screen with username and password instead of email and password using Thunkable and Firebase?
Which Thunkable blocks should I use?
I remixed the sign-in screen project on Thunkable, but the only blocks I found were for storing email and password.
Hey Laura! Welcome to Thunkable! IRBs are trouble aren’t they?
Interesting question!
I think this can be done, but you might have to get a little bit clever. Firebase can definitely let users login without a valid email address, but Thunkable’s Firebase sign-in blocks only do email authentication. If you don’t want to create your users in some other way (through the API or bulk upload or something else - this would be more complicated), then you might take each user’s login information and use blocks (look at the red text join block) to add a BOGUS @email.domain at the end of the input user name before calling the sign-in or sign-up blocks. Make very sure you choose something bogus so that you don’t generate spam.
You’re also going to have to modify the logic where Thunkable checks if the email is verified, because that bogus email is never going to get verified.
That should be a pretty straight forward from the remixed sign-in screen project, but please post if you’re stuck (preferably with pictures of blocks or a link to the project) and one of us will try to help!
No email needed but in this way data is less secure in reality.
Can you not save data using their Firebase ID. Then only email is used during registration. No other data is associated with the email then.
Lots of universities use online systems for research. I would speak to others and see the approaches they took.
My local community mental health (Pair my Medicaid) and my university (florida tech) approved my research by ensuring I only used email during signup/signin and at no other time. All data is saved using a unique no identifiable number.
In researching for this problem yesterday, I found exactly what you said, that the data is less secure without using email. I am going to try to create a bogus email domain at the end of each username.
That is awesome your university approved your project using users’ emails. You brought up a great point, it never hurts to ask, I could save myself a lot of time and energy.
Was your project also through Thunkable? If so, did you publish your APP through Apple?
Hi Cathy, Good news! I followed your instructions and it worked! As a test, I was able to create anonymous accounts with 6-digit usernames combined with my bogus domain called @empact.com
It worked perfectly for signing up & for creating unique, anonymous users in Firebase.
For example, this is the username format users have to use when signing up
username: 454545@empact.com
The only strange thing is that when users sign in all they are able to enter is their 6-digit username (for example 454545). If they try to enter 454545@empact.com, an error says “email address badly formatted.”
I am trying to figure out a good “forcing function” to prevent users from getting confused.
Is there a hidden way to attach the @empact.com to the user’s 6-digit username so an account is generated in Firebase, but on the user’s end only display the 6-digit username while signing up?
I attached a picture of my blocks and here is a link to my project so you can see how the login works.
Have a look at where you’re calling signup and signin. Looks to me like the one time you are joining the @fakedomain and the other time you aren’t? That’s probably the source of the problem. I’d guess you want users to just enter their username part, and you should handle it like the right (sign in) way , not the left (sign up) one. Fix the left one to look like the right one, and your users won’t need to type the @fakedomain.
Important aside. @empact.com is a real domain. If your firebase is sending email confirmations (which I think it does by default), you’re sending login information to whoever receives email for that domain, which is a security problem, if that’s not you. (Some domain administrators route all usernames to one email bucket.) @example.com is likely a better choice.
That’s awesome! So glad you got your login page working! Now to build some pages that actually take data, huh? You know where the forum is - come back for more help any time.
. Thank you Cathy 
you are a lifesaver!
You know where the forum is - come back for more help any time.