[Solved] All published Apps stop Working! Urgent help please!

Questions about Thunkable
41

When you access Firebase using Thunkable you supply API key and Database URL.

The API key is used to create either an Auth token or a User token or both. however, these tokens are only required if you set the Rules in Firebase to deny anonymous access but if you allow access without any authentication then you can actually use the Web API component to get data from the database.

For Example, I have a test database that I do not use any security in it. See the rules:

{
  "rules": {
    ".read": "true", 
    ".write": "true", 
  }
}

So, I allow everyone to read or write to this database. In this case, I can get data just by using the Database URL and add to it the keys I want to retrieve and add to the end .json

Example:
My test database is my-demodb and I want to retrieve the key myBook/Students so the full URL will be

https://my-demodb-9d875-default-rtdb.firebaseio.com/myBook/Students.json

I used this code to get a list of the students key

image
image850×394 25 KB

This is the output from my mobile

Screenshot_2021-10-28-10-46-48-37_2bbfbfee96a5dfce998f962ebb8b5da3
Screenshot_2021-10-28-10-46-48-37_2bbfbfee96a5dfce998f962ebb8b5da31080×489 79.7 KB

Now, when you have security in place then you will need one of the methods to generate a token to access your data. I might write a more descriptive post about how to access using tokens.

To read about Auth API see this
https://firebase.google.com/docs/reference/rest/auth

2 Likes
42

Thank you @muneer ! What I was very much wondering about was how you use those tokens for security, indeed, so would be really interesting to hear you to elaborate on this if you find time & inspiration to do it. So, for example, I’ve been using the basic Thunkable components for user authentication with Firebase and then for setting special permissions, say, a user can edit only a folder associated with her username. But now I started to wonder if I could somehow do this manually so I could have more control over these tokens / understand how they function better.

2 Likes
43

@ethosworkfi

To use the token you need first to sign in to Firebase. The Sign In component does this for you and use the token internally.

If you want to do it yourself then you need to setup Web API with the following:

  • Header should have Content-Type set to application/json
  • URL should be https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key= and add your Firebase API Key to it.
  • Use Web API POST block to get the information

See this as an example

image
image592×565 37.3 KB

Of course instead of displaying the response to a label you will get the token from the response and use it with other blocks.

The response will have lots of information including localId, idToken, refreshToken, expiresIn

Use the localId in place of the UserID in the Sign In block and use the idToken to add it to the URL to get info. So the previous URL which gets information from the database will now be:
https://my-demodb-9d875-default-rtdb.firebaseio.com/myBook/Students.json?token=[your token]

Google will keep this token valid for 3600 seconds and when expires you will need the refreshToken to issue another API to get extra time with new values.

Hope this will give you a good start.

2 Likes
44

Oh, many, many thanks for this @muneer ! This really helps me out. Thank you again!

1 Like
45

I’m still waiting on an official reply to this question. @wei @domhnallohanlon

46

If you use any of the data viewer/source components in the apps, they are dependent on the Thunkable platform. If you use the UI components (such as buttons, labels) and others in the apps, they are not dependent on the Thunkable platform.

Wei

1 Like