@WillowMobileSystems
Thank you for this very valuable contribution, highly appreciated. As you have mentioned; the only bulletproof security is the one which is provided by official, proven oAuth protocols. Other features added on top of this, is just for additional layer of security. I have presented this demo app to show the community and interested users, how such a layer like 2FA can be mimiced within an AppSheet development.

Actually, I was pointing out that there are NO bulletproof approaches…only MORE secure options. Every security approach has vulnerabilities. Just need to select the one the best suites the requirement.

…and BACKUP, BACKUP, BACKUP the data. The best any of us can do is be prepared in the case of an attack to restore the system quickly.

What do you mean backup the data? Like drive data?

@LeventK

UPDATE: Disregard the question below. The app is not under a Pro plan so SMS messages are not sent - even as a personal app. Makes sense. I can see how SMS could be exploited and/or abused since there isn’t really a way to validate who the phone number belongs to.

Hi! I have been testing on a copy of your 2FA app. Thank you very much for this by the way.

Sending codes to Email and as Push Notifications works beautifully. However, I do not seem to receive the SMS messages. I’ve checked the logs and there are no errors. I have reviewed the phone settings and everything seems to be fine with regards to receiving SMS. I am using an iPhone 7. I have not used SMS at all in any of my apps so I’m not that familiar with this feature.

Do you know of anything else I should check into to determine why the SMS messages are not coming through?

Is there an automated way to do this? Mine is nearing 40GB of just app-sheet related data

Most likely. Perhaps we should move the discussion of backups to another thread. That topic can go on for a while!!

@Jonathan_S

Hi @Jonathan_S We use Spinbackup.

Perfect. Just signed up currently backing up:).

just that extra peace of mind,

Thank you,

@WillowMobileSystems

It’s by-design like that. After you insert the code and it’s saved, you will notice from the detail view that it’s been verified. Provided you haven’t inserted the code within 90 secs or your code is older than 60 mins, the form will generate an error.

Basically; as the table is filtered as per USEREMAIL(); you are editing your own initially created record, not adding a new row all the time. The table actually adds a new record if and only if you haven’t created one initially. After that is created, you’ll be editing that record behind the curtains at all times

When you REFRESH a code, that code is added to another table via webhook (where you had accomplished the same via a Form Saved Action I believe) so that the app can track the datetime stamp of the user’s lates code for the time limit assigned via SETTINGS.

I have tested my demo app and the webhook seems working fine. It’s weird that it had arisen a bad request error for you.

Please keep me posted if you discover any errors or non-working feature, so that I can find a chance to correct it in my sample app as well. Thanks for your consideration mate.

I’m sorry. I didn’t explain well enough.

AFTER entering the supplied code via email and within the required time, the data tables never become viewable. This is because the entered codes were NOT being written into the CODES table which is required to properly authenticate the user. There is some syntax issue with the JSON code causing the webhook to fail to add the newly entered and valid code.

@WillowMobileSystems
Hi John,
CODES table never become viewable because by-design and intentionally it’s not assigned to a UX View at all. The aim of that table is just to create a valid LOOKUP database to be able to calculate the timespan of the last used code for each specific user/useremail.

Was that syntax issue from your side or from my side? I would like to check. Thanks.

Sorry, by “data tables” I meant Table A, Table B and Settings. They never become viewable after entering a valid code. Meaning when I click on one of them from the Home screen, I am always presented with the 2FA view. When that happened, I searched for root cause and found that error message provided in the previous message above.

It is odd that the webhook works for you but not me. All I’ve done is copied the app and tried it out. This isn’t anything more I need to do to make it work…right?

Regardless, I go it to work with an action and I understand enough about it which was the goal.

Thank you for putting out this sample. it was perfect timing for me.

Thanks for your valuable feedback John, highly appreciated on my side.

It bothered me a little that I couldn’t get the app to work with the webhook. Admittedly, I am not familiar with webhooks in AppSheet. So I played with it a bit more.

I am wondering, after downloading the app, do I need to adjust any of the webhook settings?

See below images. I tried updating the App ID in the webhook step which resulted in the error shown. But even after enabling the AppID. the error persists

What do I need to do to make this webhook work for me?

AppID updated to my app

Error after updating AppID

Integration is enabled - I think

OK, finally got this working.

After enabling the API, it seems a refresh of the editor web page is required.

Note that the webhook workflow implementation is different (i assume a newer version) than that in the sample app.

After correcting the API enabled error, I did get a logged error message that “ID” was not a column in the table. Note from the images in the previous post, the table specified is “2FA” but the webhook is trying to add a row into the “CODES” table.

I updated the webhook step to the table name of “CODES” but after a save it reverted back to “2FA”. Surprising, the workflow ran and is running successfully. Log entries show the webhook is running against the “CODES” table in spite of the workflow step showing “2FA” as the table. Maybe this is an editor bug in the “new” webhook interface?

@WillowMobileSystems
I have checked the workflow in my sample app and my settings are the same as yours. And I reckon that even-if I change the target table name to CODE, after save it reverts back to 2FA. However the webhook successfully runs and does the job as expected in CODES table.

@Phil,
Can you have a check on this issue?
My ID: 245151
AppName: 2FA
Workflow Rule Name: CREATE AUTH CODE