0

I have implemented AppCheck in my application following the Firebase documentation. One of the videos says that for iOS, you just need to install the SDK and the configuration will be automatic. However when I go back to the written documentation of AppAttest I see some code to put for the initialization, as an example :

class YourSimpleAppCheckProviderFactory: NSObject, AppCheckProviderFactory {
  func createProvider(with app: FirebaseApp) -> AppCheckProvider? {
    return AppAttestProvider(app: app)
  }
}

(I would like to clarify that my metrics are correct and that when I test my application, the requests are indeed accompanied by a valid token).

Do I have to implement it, and if not, what is it for?

Thank you!

Sofian Tragha
  • 5
  • 2

1 Answers1

0

tldr; Integrating AppCheck into your app may require some code changes depending on what attestation providers you want used to generate AppCheck tokens.

How do I know if appcheck is implemented correctly?

If you're able to see request metrics in the Firebase console, AppCheck is implemented correctly and working.

One of the videos says that for iOS, you just need to install the SDK and the configuration will be automatic.

The AppCheck SDK will use Apple's DeviceCheck as the attestation provider by default to generate tokens. So, in this way, the configuration is automatic.

However when I go back to the written documentation of AppAttest I see some code to put for the initialization...

Apple's AppAttest is a different attestation provider and is not used by default. If you want AppCheck to generate tokens using AppAttest, you'll need to add code to configure AppCheck to do so.

Do I have to implement it, and if not, what is it for?

It depends on your use case, I'll explain:

The AppCheck SDK uses AppCheckProviders to generate app check tokens.

AppCheck gets these AppCheckProvider instances from AppCheckProviderFactorys. As mentioned earlier, AppCheck will use DeviceCheck by default so if no AppCheckProviderFactory is manually set, AppCheck will use the conveniently implemented DeviceCheckProviderFactory.

You can set AppCheck's AppCheckProviderFactory by using the AppCheck.setAppCheckProviderFactory(_:) API. If you choose to do so, it must be done before calling FirebaseApp.configure(). See below example from documentation:

let providerFactory = YourAppCheckProviderFactory()
AppCheck.setAppCheckProviderFactory(providerFactory)

FirebaseApp.configure()

So, to answer your question, whether or not you implement the AppCheckProviderFactory protocol depends on what AppCheckProviders you want used to generate app check tokens.

If you want AppCheck to use any provider other than the DeviceCheckProvider or a combination of providers, then you'll need to implement the AppCheckProviderFactory protocol and set AppCheck to use the implemented factory.

There are 4 types of AppCheckProviders:

  1. AppAttestProvider
  2. DeviceCheckProvider
  3. AppCheckDebugProvider
  4. Custom providers that you create as a subclass of AppCheckProvider

For instance, here's an example factory implementation where AppCheck will use the debug provider if in debug mode, AppAttest provider if the OS version supports AppAttest, or falls back to using the DeviceCheck provider if AppAttest is not supported.

class YourAppCheckProviderFactory: NSObject, AppCheckProviderFactory {
  func createProvider(with app: FirebaseApp) -> AppCheckProvider? {
    #if DEBUG
      return AppCheckDebugProvider(app: app)
    #endif


    if #available(iOS 14.0, *) {
      return AppAttestProvider(app: app)
    } else {
      return DeviceCheckProvider(app: app)
    }
  }
}

As you can see, a custom AppCheckProviderFactory allows you to finely control what provider AppCheck uses.

I hope this answered your questions!

ncooke3
  • 548
  • 3
  • 10