How to implement App Check on firebase with ReactJs frontend?

Question

Can anyone give flow chart for this service?

After registering the app and enforcing the app check, how does firebase send token on every request?

    const appCheck = firebase.appCheck();
    // Pass your reCAPTCHA v3 site key (public key) to activate(). Make sure this
    // key is the counterpart to the secret key you set in the Firebase console.
    appCheck.activate(
    '<ReCaptcha V3 site key>',

    // Optional argument. If true, the SDK automatically refreshes App Check
    // tokens as needed.
    true);

    const token = appCheck.getToken()
    token.then(()=>{
      console.log("success", token)
    }).catch(()=>{
      console.log("failed")
    })

getToken() returns a promise which has a jwt token (with expiration time as defined while registering the app) which includes the details for app on firebase. Now what to do with this token and how to include it in request? There isnt much to go on in App Check documentation.

What type of request do you want to pass the token to? – Frank van Puffelen Aug 05 '22 at 14:07 — Frank van Puffelen, Aug 05 '22 at 14:07

score 0 · Answer 1 · answered Aug 05 '22 at 14:10

The Firebase SDKs already pass the App Check token to the server if it's available, so there's no need for you to do that. All you need to to us initialize App Check and then at some point enforce App Check in the Firebase services where you want it.

If you want to pass the token with a request to a custom server, you can use any mechanism you want to do so. On the server, you can then verify the token to ensure the request came from an authentic device and app installation.

How to implement App Check on firebase with ReactJs frontend?

1 Answers1