Change Firebase Token Programmatically

Hi fellow Koders,

First, I’d like to praise Kodular Staff for the awesome Draco release with all the new stuff available to us (specially the BottomNav and FirebaseAuth).

On that note, I’d like to ask if there is any expected upgrade to the FirebaseDb component to be able change the Firebase URL and token programmatically (other distros already do that) and I am aware of the FirebaseAddOn extension by @CarlosPedroza27 but haven’t received an answer from him to be able to buy his expension.

Likewise, a function to renew the user token would be welcomed :grin: (but I can make do with the REST API in the meantime).

1 Like

Why are you guys obsessed with changing tokens from Firebase? What is the problem?


Authenticated data upload and retrieval. Simply put, data safety.

1 Like

You think, changing your token, will let you input data safely? Don’t you think you should have it like that the first time? Changing the Firebase Token would also allow for inputting on our databases while in app… Simply put, a risk for other users. How about we negotiate, you don’t want this because it possibly won’t be added, and we’re good? I’m actually starting to get tired of replying to topics :sweat_smile: Nothing rude, it’s in general, I really don’t know why. That’d be great if we stop right at this reply, thanks :joy:

@hammerhai, would you kindly explain to me how I could manage the recording and retrieval of data from my own private Firebase Database (after setting the proper rules in it) without the use of authentication and ID token? And using the current components and functions.

I don’t wanna simply leave my FirebaseDB rules like read, write = true and wide open to anyone to see. My app deals with somewhat sensitive user info and I need to keep it safe. You do know about data safety and the Firebase structure, don’t you?

But, as I said, if its too much trouble, I’ll keep using the REST API procedures I already have in place to exchange data as my app needs. No need to bother. This functionality would just make things easier and cleaner.

1 Like

Yes but how will changing your token, provide safer transferring of private data?

Firebase Remote Config

If you can change your firebase token in a block, you can hide the tken in a obfuscated text block or you download the token id from a server or in a other way. If you can do that , you can set the firebase rules for read and write to AUTH and not to true.
This make the database more secure because the rules are not true.And another feature you can work with different firebase databases, because you can change the token and the url if you have the blocks. ATM you have to take different components.

With remote Config you can get the Firebase Token and URL live and you can change them if you want. I change my API from time to time, because it is more secure.

I would love to see this 2 blocks in the next update. I thought we got it with the Draco update but we didnt got it.

Ya know, your Firebase Token idea doesn’t matter anymore, once someone decompiles your app, it’ll include the google-services.json file which isn’t encrypted and includes your Firebase Token, so whats different?

But you cannot change the database, if you havent this blocks , which is a good feature too. And to decompile the service json give him the api for other things but not for the database. If i look into that file i cannot find my firebase token. Can you find your database token? I dont think so. So thats not complete true what you said.

The ID Token is generated upon request by the Google Auth API (which Firebase uses, of course) with the use of your user’s user ID and refesh_token string. The token itself if an encrypted sting that expires hourly. Without it, you have to set you firebase’s rules to TRUE, making your DB fully open and visible to anyone who knows your DB url which obviously is extremely bad if you have sensitive information stored.

With the token, you can limit the access to you DB data by user and even by only authenticated user. This is what I mean by secure data storage and retrieval.

EDIT: I’d suggest some reading on the Firebase’ documentation for further understanding of how they manage data and authentication. By the way, why do you think Firebase Auth was always one of the most requested features in all AI distros? It wasn’t only for the looks, you know? User authentication have a clear and obvious purpose of securing and controlling data.

1 Like

To stop this discussion right now a question:
Which things should be in blocks editor visible too?
Tell it and I make them visible for next release.

URL and token?

Set Firebase Token To … and set Firebase Url to … and wait i look for the rest.image

And maybe the components to login with firebase and the other social media accounts. And pls have a look on my post from yesterday or so , because Google sign In do not work and the wrong components triggers if you signup or login.

Thanks man this would be really nice.

This post in thunkable shows why we want that blocks. Maybe this post help some user to understand how thefirebase token can work. Its a really good post about that problem what we have here. So read and learn something

I’m gonna take some deep breaths :triumph: and calm down about a post :confounded:

Firebase URL and token would suffice.

The Auth response code and error response codes would add a nice too (make possible to treat each error more specifically), if possible.

And at the risk of being too pushy, I don’t know if the refresh token function already is in the code (haven’t throughly checked yet) but if it is, I’d like to suggest that for future releases too. :wink:

By the way, thanks for the response, @Mika

1 Like

this please


The idea is that the Sizing, Splash Image, and Theme are universal to the whole app, and should not be changed through the blocks. You set them for the whole of the app once. That is why they can’t be set from the blocks


Guy here we talk about firebase not about that block, what is hoing on by you, why did you use other posts to ask things abouth other block or components. please kade a new post for your things. this is unfriendly to the owner of that post.thx

Random Splash