Stack Overflow
Stack Overflow

Questions tagged [firebase-app-check]

App Check works alongside other Firebase services to help protect your backend resources from abuse by allowing only your apps to access them.

App Check works alongside other Firebase services to help protect your backend resources from abuse, such as billing fraud or phishing. With App Check, devices running your app will use an app or device attestation provider that attests to one or both of the following:

  • Requests originate from your authentic app
  • Requests originate from an authentic, untampered device

This attestation is attached to every request your app makes to your Firebase backend resources.

App Check has built-in support for using the following three services as attestation providers:

  • DeviceCheck on iOS
  • SafetyNet on Android
  • reCAPTCHA v3 on web apps

If these are insufficient for your needs, you can also implement your own service that uses either a third-party attestation provider or your own attestation techniques.

App Check currently works with the following Firebase products:

  • Realtime Database
  • Cloud Firestore
  • Cloud Storage
  • Cloud Functions (callable functions)

Related tags

315 questions
3
votes
1 answer

Why this callable cloud function is failing with "app":"MISSING"?

I am calling a cloud function which runs a transaction, however it is returning an error to console which says: Callable request verification passed {"verifications":{"auth":"VALID","app":"MISSING"}} Googling it led me to App Check which is a new…
showtime
  • 1
  • 1
  • 17
  • 48
3
votes
1 answer

Firebase AppCheck web app not working in production mode

I cannot get Firebase AppCheck to work in production mode on a Vue.js project with Firestore and Storage. But It works normally in development. const appCheck: AppCheck = initializeAppCheck(firebaseApp, { provider: new…
Fei Whang
  • 209
  • 4
  • 11
3
votes
0 answers

Next Js Firebase Recaptcha V3 verification

I'm very confused about the Recaptcha V3 implementation and it is not clear to me if actually need to implement it on my website or if initializing Appcheck with my Recaptcha V3 credentials is enough: Appcheck does successfully initialize and I have…
PleaseDontHurtMe
  • 75
  • 1
  • 6
3
votes
2 answers

Native Android Firebase AppCheck App attestation failed

I am running the following code from android to get the AppCheck Token. However, I am getting an error with in. FirebaseAppCheck.getInstance() .getAppCheckToken(true) .addOnSuccessListener(new…
letsCode
  • 2,774
  • 1
  • 13
  • 37
3
votes
1 answer

All my requests to Firestore are classified as unverified because of AppCheck?

I enforced Firebase AppCheck for Firestore. Now, when I try to access data, I get an error: firebase .firestore() .doc(firestoreRoot.configs.priceIds._pathUrl) .get() .then((v) => console.log(v.data())); In Firebase, it…
Simon Tran
  • 1,461
  • 1
  • 11
  • 28
3
votes
3 answers

Using Firebase App Check Debug Provider with Angular

This is not a duplicate of How to initialise Firebase App Check in Angular because I can successfully initialise an app using reCAPTCHA Enterprise. This question is about initialising an app using the Debug Provider. The Firebase documentation…
Jack
  • 10,313
  • 15
  • 75
  • 118
3
votes
0 answers

How to get valid Firebase appcheck token after reconnecting to network?

I am using Firebase appcheck in my android app. It works great, except that it consistently fails if I start the app in airplane mode then disable airplane mode (i.e., simulating opening the app without a network connection, then gaining a network…
mathAndCats
  • 81
  • 5
3
votes
1 answer

How do I enforce App Check in Cloud Firestore?

I have set up App Check in my Firebase Project, for both my mobile app and my web app. Once I was done with that, I have enabled App Check in various Firebase products such as Cloud Functions and Cloud Storage, following the instructions…
mastazi
  • 1,623
  • 26
  • 41
3
votes
0 answers

How to implement Firebase AppCheck inside firebase function to read Realtime database?

In my webapp I make http call to firebase function that reads RealtimeDatabase. Once I enforce AppCheck, this cloud function in unable to access the RealtimeDatabase. Since I use firebase hosting and templating through functions, My static pages…
Yuvaraj K
  • 31
  • 4
3
votes
3 answers

What is the purpose of Firebase AppCheck?

I want to improve the security of my application and I'm looking into the Firebase App Check service which ensures that all requests made to the server come from my application. Only in Firebase Realtime Database I put the following rules: "Users":…
Marwan Tragha
  • 111
  • 6
3
votes
1 answer

Enforcing AppCheck on Firebase Realtime Database has no effect

I have a webpage which receives data from a realtime database using the following javascript…
Xcoder
  • 43
  • 5
2
votes
1 answer

Do firebase auth tokens or firebase app-check tokens protect my backend against external request of "legitimate" users?

I am wondering about the security of my mobile app. I want to avoid the case where "legitimate" users (i.e. users that have a real account on my app) copy their tokens to spam arbitrary requests to my backend. Here is my setup: I have a Firebase…
Nik
  • 1,093
  • 7
  • 26
2
votes
0 answers

Firebase AppCheck token validation failing with "incorrect 'aud' claim" error

I am implementing Firebase AppCheck in my Flutter app, and have followed the Firebase documentation to configure everything correctly. I have successfully obtained a token from my app, but when I try to validate it on the backend server, I receive…
Bill
  • 21
  • 2
2
votes
0 answers

Firebase App check suddenly getting error invalid token

I am integrating AppCheck with realtime database in flutter. As per documentation its working perfectly. i tested for both platforms (iOS & Android). My token is expiring TTL duration (7 days) with enforced option. now i am checking in iOS platform…
Vishal Zaveri
  • 1,372
  • 2
  • 5
  • 12
2
votes
0 answers

Is there any solution for removing reCaptcha from firebase-auth?

How to remove reCAPTCHA verification when using PhoneAuth Provider of Firebase Auth into Flutter, March 2023. I have registered my app to App Check in firebase console with play integrity. Also I have added the code for that in my app as below. void…
Gautam Patel
  • 31
  • 6
1 2 3
20 21