New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🐛 [FIREBASE_APP_CHECK] App Check considers all requests to be malicious #6551
Comments
Hi @Michael-Eliosov |
Sometimes there's a different warning like this:
I only get errors if I enforce App Check in the Firebase console, since the request isn't verified. They all look like this:
Or like this (without App Check enforced it works fine):
|
Have you overridden the Firebase native SDK version in |
No. |
Can't reproduce this but I'll label it for some further investigation |
Having similar issue, I created an issue on stackoverflow: |
I've gotten a new warning |
I have the same issue, were you able to resolve it? |
No. For now I just removed the library from my project |
@Michael-Eliosov That's how I set up the debug for android in MainActivity.kt
|
I didn't do any of the debug stuff. |
Try updating Firebase SDK on build.gradle |
I updated the google-services, didn't help |
Not the google services.json; the Firebase SDK. |
DIid not work for me. I upgraded build.gradle to and app/build.gradle to |
I never set up any Kotlin MainActivity. If the result is smaller than @firebase/database@0.10.9, then you need to delete all node_modules folder and package-lock.json inside functions folder, then try install Firebase Admin SDK by writing |
What does the Admin SDK have to do with this? The problem is present in release versions, which aren't affected by it |
That is main requirement to get App Check working with Cloud Function and all other functions within Firebase Admin SDK.
I spent 3 days working all of these in order to make App Check work for all Cloud Functions, Cloud Storage, and its token. Now mine is working and it gets Authenticated => app: valid. auth: valid |
It's instructions for Flutter too. I have tested them all. |
I was dealing with appcheck issue. Let me share the method I run on my physical device. The issue of upload is important, the method used is important, I will share my own piece of code. Also, I think it is necessary to create a register and token in firebase, which is what I did. appcheck safety register and manage-debug-tokens my code:
|
My app is also registered, debug tokens shouldn't affect release versions. My problems are with downloading data, not uploading it |
yes, it's about downloading, it doesn't download on the emulator, but since it downloads on my physical device, I can continue the process. In short, it only works on physical device. |
Well, in my case it doesn't work on physical devices either |
Did you follow the steps in the manual? |
No. Why would that matter for a release build on a physical device? |
When you add this method to the initstate method, it allows appcheck storage, and the auth problem is gone.
|
Hey @Michael-Eliosov, did you manage to resolve your problem? I would note that the "error" you printed looks like a warning from a sub dependency ( |
No. It gives the same error and requests are still invalid even in the release build on physical devices |
Does app check even work? |
I am going around in circles. I've got 15 tabs open about AppCheck. In a Flutter environment I have added code to MainActivity.kt. The code is not executed, but does compile. import io.flutter.embedding.android.FlutterActivity class MainActivity: FlutterActivity() { At the moment I see this exception, but this is probably because I have not provided a debug token? I realize that the AppCheck code may not be stable yet, and changing a lot. Does anyone have a link to an updated list of instructions (end-to-end, with no assumptions made, i.e. permissions?, items that are taken for granted)? |
The Play Integrity API may not have had anything to do with it. Also, for iOS, DeviceCheck had to be used. flutterfire/packages/firebase_app_check/firebase_app_check/ios/Classes/FLTFirebaseAppCheckPlugin.m Lines 111 to 125 in da36b98
|
I've just tested the If you're struggling to follow the Firebase android setup, here are the steps I took:
|
Hey @kevinthecheung, is there any chance we can update the app check documentation for Flutter? I have instructions above for android and here for iOS. Also another open issue for app check debug documentation here Happy to collaborate if you need further information. |
Thanks @russellwheatley. Doesn't this line in your PR add the app check dependency as a project wide dependency ? Eg this is going to be included in the prod build ? Thanks in advance for clarifying, I'm not yet well versed in gradle. Side note, it seems that this setup is quite different from the setup from the official documentation, which is android specific, as some steps are omitted. |
Bug report
Requests don't get verified
After I added App Check to my project, instead of getting verified, requests are considered malicious. This happens both in simulators and real devices. The SHA-256 in the App Check is the same as in the project settings.
The console gives this error:
W/StorageUtil(11305): Error getting App Check token; using placeholder token instead. Error: com.google.firebase.FirebaseException: 16:
My main() looks like this:
Flutter doctor
Click To Expand
Flutter dependencies
Click To Expand
The text was updated successfully, but these errors were encountered: