
I am trying to validate an AppCheck DEBUG token generated following the directions of the documentation here: https://firebase.google.com/docs/app-check/flutter/debug-provider?hl=en&authuser=0


I created a debug token using the "Generate token" button on one of my registered apps which resulted in a token that looks like this: 9DE9100-A019-4AB6-AMS9-FD5SD10925DD.

However, anytime I try to verify it on my backend with

const res = await admin.appCheck().verifyToken(req.header('X-Firebase-AppCheck'));

I get the following error thrown:

FirebaseAppCheckError: Decoding App Check token failed. Make sure you passed the entire string JWT which represents the Firebase App Check token.
{
  errorInfo: {
    code: 'app-check/invalid-argument',
    message: 'Decoding App Check token failed. Make sure you passed the entire string JWT which represents the Firebase App Check token.'
  },
  codePrefix: 'app-check'
}

I've tried sending this token from a Postman request, and implemented a mocha test in my code, but both fail equally. The only thing I can think of is that the token wasn't generated by the SDK in my app, but rather using the Generate Token button, but I don't see why that should matter.

Any ideas as to what I might be doing wrong?

Jacobo Koenig

1 Answer


I'm having a similar issue here; it may or may not be related because I'm using Angular Fire. I have a feeling your issue is that you haven't set self.FIREBASE_APPCHECK_DEBUG_TOKEN to the debug token.

UPDATE: You need to use await getToken() in your client and send that as your X-Firebase-AppCheck header:

async getAppCheckToken(): Promise<string | AppCheckTokenResult | undefined> {
  try {
    info(this.appCheck);
    // getToken() resolves to a token result; its .token field is the JWT to send
    // in the X-Firebase-AppCheck header.
    this.tokenResult = (await getToken(this.appCheck)).token;
    info(this.tokenResult);
  } catch (err) {
    error(err);
  }
  return this.tokenResult;
}

It will generate a debug provider JWT that you can check on jwt.io; its payload should look like the following:

{
  "sub": "<appId>",
  "aud": [
    "projects/<project-number>",
    "projects/<project-name>"
  ],
  "provider": "debug",
  "iss": "https://firebaseappcheck.googleapis.com/<project-number>",
  "exp": 1684275518,
  "iat": 1684271918,
  "jti": "<jwt-uuid-redacted>"
}
Zwiqy45
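
A backend-side check for the mix-up discussed in this thread, as an added example that is not part of the original question or answer: it tells a raw debug token apart from the JWT that getToken() returns and surfaces the JWT's claims before verifyToken() is called. The function names, hint strings and the sample JWT (placeholder claims, dummy signature) are constructed for illustration.

```javascript
// Added diagnostic (not from the original post). It decodes without verifying the
// signature, so admin.appCheck().verifyToken() is still what authenticates the token.
const DEBUG_TOKEN_SHAPE = /^[0-9A-Za-z]+(-[0-9A-Za-z]+){4}$/; // dash-separated groups, no dots
const JWT_SHAPE = /^[\w-]+\.[\w-]+\.[\w-]+$/; // three base64url segments

function decodePayload(segment) {
  const obj = JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));
  if (obj === null || typeof obj !== 'object') throw new Error('payload is not a JSON object');
  return obj;
}

// Classify the X-Firebase-AppCheck header value before handing it to verifyToken().
function inspectAppCheckHeader(value, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (typeof value !== 'string' || value.trim() === '') {
    return { kind: 'missing', hint: 'No X-Firebase-AppCheck header value was sent.' };
  }
  const token = value.trim();
  if (DEBUG_TOKEN_SHAPE.test(token)) {
    return { kind: 'debug-token', hint: 'Raw debug token, not a JWT; send the getToken() result.' };
  }
  if (!JWT_SHAPE.test(token)) {
    return { kind: 'unknown', hint: 'Not a debug token and not a three-segment JWT.' };
  }
  try {
    const claims = decodePayload(token.split('.')[1]);
    return {
      kind: 'jwt',
      provider: claims.provider,
      audience: claims.aud,
      expired: typeof claims.exp === 'number' && claims.exp <= nowSeconds,
    };
  } catch (err) {
    return { kind: 'unknown', hint: 'Three segments, but the payload is not base64url JSON.' };
  }
}

// Constructed sample: payload shaped like the one in the answer, with a dummy signature.
function buildSampleJwt(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(payload)}.c2lnbmF0dXJl`;
}
const SAMPLE_PAYLOAD = {
  sub: '<appId>',
  aud: ['projects/<project-number>', 'projects/<project-name>'],
  provider: 'debug',
  iss: 'https://firebaseappcheck.googleapis.com/<project-number>',
  exp: 1684275518,
  iat: 1684271918,
};
```

Logging the returned `kind` and `hint` next to the `app-check/invalid-argument` error shows whether the client sent the console-generated debug token or an actual App Check JWT.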