When is the appCheck.onTokenChanged callback invoked?

Question

I am using appcheck in my web project and setting it up like so:

const appCheck = firebase.appCheck();
appCheck.activate( "my site key", true);
appCheck.onTokenChanged((token) => {
   console.log("Token:", token);
});

Am I correct to assume that if the onTokenChanged callback is invoked then the browser has passed appcheck attestation?

If this is so then my intention is that I would enable analytics when the callback is invoked as I can be reasonably sure that it is a legitimate user not a bot.

Frank van Puffelen · Accepted Answer · 2021-08-11T20:00:08.900

2

When you call onTokenChanged your callback will be:

If the App Check token already exists, your callback is invoked immediately with that value.
If the App Check token doesn't exist yet, your callback will be invoked once it is generated.

In addition:

Your callback will always be invoked when the App Check token is updated.

In any of these cases, the app has passed the checks by the attestation provider.

edited Aug 11 '21 at 20:00

answered Aug 11 '21 at 18:13

Frank van Puffelen

565,676
79
828
807

score 0 · Answer 2 · answered Aug 11 '21 at 12:48

0

Natively, this is handled like other onEvent listeners within Firebase and will return the value on success. This includes AppCheck and you can assume that the instance is authentic when it has passed App Check.

answered Aug 11 '21 at 12:48

DIGI Byte

4,225
1
12
20

When is the appCheck.onTokenChanged callback invoked?

2 Answers2