1

I'm currently in the process of integrating createUserWithEmailAndPassword and other Firebase functions with Firebase App Check for added security. After enabling the "Enforce Authenticated" option in Firebase App Check, I've encountered a consistent issue across all Firebase functions. Here's the returned error:

{ "error": { "code": 401, "message": "Firebase App Check token is invalid.", "errors": [ { "message": "Firebase App Check token is invalid.", "domain": "global", "reason": "unauthorized" } ], "status": "UNAUTHENTICATED" } }

This issue arises when the "Enforce Authenticated" option is enabled. To mitigate unauthorized access, I understand that I need to send the App Check token with the request.

Here's the code snippet where I'm encountering the issue:

async createUserWithEmailPassword(params) {
  return await firebase.auth().createUserWithEmailAndPassword(params.email, params.password).then(async (response) => {
    var firebaseToken = null;

    await response.user.getIdToken().then(function (idToken) {
      firebaseToken = idToken;
    });

    response.user.idToken = firebaseToken;

    return { status: 200, user: response.user };
  }).catch((error) => {
    store.dispatch({
      type: "SET_ERROR",
      items: { hasError: true }
    });
    return { status: 500, ...error };
  });
},

In this code, I'm trying to attach the Firebase Authentication ID token (idToken) to the user object returned by createUserWithEmailAndPassword. However, I've realized that this approach doesn't directly address Firebase App Check tokens.

When using Firebase App Check, my understanding is that I need to include the App Check token in the headers of my requests. The App Check token is generated on the client side and should be sent along with the request to my backend, which then validates the token.

Could someone please provide guidance on how to modify my code to properly include and validate Firebase App Check tokens for secure user registration using createUserWithEmailAndPassword? I'd greatly appreciate step-by-step instructions or code examples to ensure I'm addressing this issue correctly.

Thank you in advance for your assistance!

Rishab Goyal
  • 11
  • 1
  • Isn't this the same problem that you asked about earlier today? Going forward, please limit yourself to a single post per problem - an provide all necessary information in that post (there's an `edit` link under the post so that you can make change to it). – Frank van Puffelen Aug 13 '23 at 03:21

0 Answers0