FirebaseDB, CloudDB, and Translator all use a token-based authentication mechanism for validating access from client apps built with AI2. In the case of CloudDB and Translator specifically, these are services run by MIT and so we use the tokens to both authenticate and rate limit access to our servers so that any particular user can't abuse the service to the detriment of other users. In the case of FirebaseDB, we use a Firebase-provided library to derive a JSON Web Token (JWT) that is used to identify the app to Firebase as well as restrain its access to a bucket that is specific to app's developer. Otherwise, App Inventor users could abuse their tokens to read/write other developers buckets and it would be a mess. For security reasons, the private keys needed to derive these tokens are not published with the sources.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.