Slug as Privacy Rule - No Login - Slug as a Token

Hi there!

Is there a way to set “slugs” as a Token for Privacy Rule?

For instance, I wanna send proposals from Bubble, and I’d like to set a random token in the “slug”.
So that it is private for everyone, except for those who have the link itself…

For instance:
https://myapp.com/delivery/01021e958b
The last part of my url is a “slug” used as a Token.

How do I set that in my Privacy Rules?
Should be closed for anyone, except for those who have access to the link itself.
A must in this solution: a user with the link should not be asked to log in!

Tks in advance for any idea!

There is one neat Bubble trick I know for this problem. On page load of the linked page, grab and set the magic token value onto the user, e.g. something like:
on page load -> Current User's current token = extract magic token from URL (regex or whatever, or make your life easier by using a parameter).

Then on the table that holds your special data, have a privacy rule that is:
Current user's magic token is Data table's Magic token (and leave on searching in the privacy rule)

Good luck :slight_smile:

2 Likes
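The rule described in the reply above, modelled outside Bubble as an added example (not part of the original thread and not Bubble's own API). It goes beyond the thread by drawing the token from a CSPRNG, storing only its SHA-256 on the record, and rejecting short slugs; the function names, the sample proposals and the 22-character minimum are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets
from typing import Optional
from urllib.parse import urlparse

MIN_TOKEN_CHARS = 22  # assumption: policy value for this example (~128 bits of base64url)

def new_token() -> str:
    """Unguessable link token from the OS CSPRNG (32 bytes -> 43 base64url chars)."""
    return secrets.token_urlsafe(32)

def token_digest(token: str) -> str:
    """Digest stored on the record, so a database leak does not expose live links."""
    return hashlib.sha256(token.encode()).hexdigest()

def token_from_url(url: str, prefix: str = "/delivery/") -> Optional[str]:
    """Slug after the page path; None if the path differs or the slug is too short."""
    path = urlparse(url).path
    if not path.startswith(prefix):
        return None
    slug = path[len(prefix):]
    if len(slug) < MIN_TOKEN_CHARS or "/" in slug:
        return None
    return slug

def visible_records(records: list, visitor_token: Optional[str]) -> list:
    """Model of the privacy rule: a record is readable only when the visitor's
    token matches the record's token. No token means nothing is visible."""
    if visitor_token is None:
        return []
    presented = token_digest(visitor_token)
    return [r for r in records
            if hmac.compare_digest(presented, r["token_sha256"])]

# Constructed sample data: two proposals, each with its own link token.
TOKEN_A, TOKEN_B = new_token(), new_token()
PROPOSALS = [
    {"title": "Proposal A", "token_sha256": token_digest(TOKEN_A)},
    {"title": "Proposal B", "token_sha256": token_digest(TOKEN_B)},
]

def open_link(url: str) -> list:
    """Titles an anonymous visitor following `url` is allowed to read."""
    token = token_from_url(url)
    return [r["title"] for r in visible_records(PROPOSALS, token)]

if __name__ == "__main__":
    print(open_link(f"https://myapp.com/delivery/{TOKEN_A}"))
    print(open_link("https://myapp.com/delivery/01021e958b"))
```
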

But this way, if I understand, you “log in” by URL token… isn’t it?
I have to have a user for that… So, I’ve got to have many users for that!

If I understood, it should not be practical…
Any other idea? :upside_down_face:

The user does not have to log in. Read about temporary users in the manual:
https://manual.bubble.io/help-guides/working-with-data/authenticating-users

Why not put together a quick proof of concept to see if it works or not? :slight_smile:

That’s a great idea!
I just have to grab some more knowledge to try it!
Let’s see your video and have a try!
Tks, for the moment, hands on! :laughing:

Sorry !!!

It writes to the database, but, for some reason, Privacy Rules do not work this way…

  1. I’ve created a field called “SlugNeat”, and set it, picking data from the URL slug, on the current user;

  2. I’ve checked and it is working…

  3. I’ve set a Privacy rule as below;

It does write in database (not logged in), but cannot read from it…

However… If I’m logged in as any user, it does work.

Any idea?

1 Like

Hi,

I worked on this exact thing a while back. If you’re logged in then it’s likely a separate privacy rule in action that allows you to see the data.

The issue I had was resolved by calling the data after the page load, or refreshing the page, but that required some more complex workflows.

You could either trigger an update data workflow or set a custom state and link it to a conditional on the value in your element. This would then trigger the call from the database with the new privacy rule applied, after adding the token to the current user (logged in or out).

1 Like

So… there is a solution… that’s good news!
You could retrieve secure data from a logged-out user? That’s the main point here…
It seems to me that we can change data from an unlogged user, at least in the User database…
Doing some tests here to find a solution…

  1. A state would be lost after refresh, wouldn’t it…?
  2. So a backend workflow might be necessary…

Still working on a solution, any help would be great!

I can write to an unlogged user in the database, that’s good! :laughing:

I cannot retrieve any data; it does not seem to work like a logged-in user as far as Privacy Rules go… :sweat_smile:

I built a page demonstrating a reusable pseudonymous login using tokens in the slug. Take a look.

On my to-do list is to support token login and regular login by setting up alias accounts for every user and then setting the privacy rules so that the alias can view the user account and vice versa.

1 Like

Fantastic solution, aaronsheldon.
Simple and very clean…
I’ll have to set up a workflow to clean my database (a lot of random users…), but your solution is awesome, very secure!
I was almost giving up…
Tks!!!

So, the final solution (maybe useful for other users):

  1. Create a random email;
  2. Create an account with the email in step 1;
  3. Assign a temporary password;
  4. Change password - credentials, using the temp password from step 3;
  5. Set a User slug by GET URL parameters;

Beforehand, set a Privacy Rule using slugs in the data you wanna show, comparing to User slugs…

I’ll post up a reply with the detailed steps. This one is on our list to build a video around.

I’m sure many Bubblers don’t know it is possible!
A video or a detailed solution might help other users…

Tks again!

I felt bad :roll_eyes: that I might have given out some bad advice after seeing @aaronsheldon’s :+1: reply… so I went and double-checked, and I did make a mistake. Sorry about that :upside_down_face:. Aaron’s solution will work I think also… but I would do it slightly differently with the privacy rules. Maybe someone will point out a problem with my design… which would be good learning for me. But I think you can do this without creating temporary users.

The mistake I made was saying don’t make the token searchable in the privacy rule. I edited the original post to be correct.

Here’s a link showing how I would do it.
https://bubble.io/page?type=page&name=anonymous_token&id=knowcode-tech&tab=tabs-3&subtab=Privacy

Here’s a video walking you through the editor.
https://youtu.be/hmlmJtvvKd0

Demo here: Your Bubble app

lindsay_knowcode, finally working, great solution…! No user creation… So 2 good solutions in a few hours! :smile:

A small issue though…
Sometimes I have to load twice…
It loads the previous token instead (only in the Repeating Group…), so an odd behaviour…

Have a try, click on the links many times, and see for yourself:

It is loading the Repeating Group before making changes to Current User…
That’s why I need a refresh…
Is there a way to solve that, without tricks? :laughing:

Yes, that timing issue of the User change to the RG change is just the way Bubble works. I’d say in the “real” world for validating anonymous tokens, you would not rely on an RG updating as per my example, but update a custom state to change the UI, show/hide some group, redirect the User to another Bubble page, or use some explicit workflow action to change the UI state.

I used an RG in the example to prove to myself that the Privacy Rules worked :slight_smile: not because I thought that was a good way to signal in the UI that the token was valid.

Excellent!
A pleasure to talk to you.
Regards!
