
🚀 [firebase_app_check] Support passing `debugToken` as parameter similar to React Native App Check library

Open thedalelakes opened this issue 2 years ago • 5 comments

What feature would you like to see?

In the React Native package for Firebase App Check, they created their own custom provider that essentially overrides the debug provider token. This allows a developer to specify a static, generated debug token in their code to use.

This is very convenient because, in the case where the developer must uninstall / reinstall the app, they can use the same debug token. Currently, a Flutter developer that installs a new version of the app must manually copy and paste the debug token from Xcode / Logcat console output into their Firebase web console (and delete the old token), which becomes tedious when testing certain functionality that requires fresh installations of the application.

Relevant links & code:

  • https://rnfirebase.io/app-check/usage#configure-a-custom-provider
  • https://github.com/invertase/react-native-firebase/blob/2d8ac144a14e79ce1846ecab077f8d7b69d11f05/packages/app-check/android/src/main/java/io/invertase/firebase/appcheck/ReactNativeFirebaseAppCheckProvider.java#L36
  • https://github.com/invertase/react-native-firebase/blob/2d8ac144a14e79ce1846ecab077f8d7b69d11f05/packages/app-check/ios/RNFBAppCheck/RNFBAppCheckProvider.m#L40

thedalelakes avatar Oct 17 '23 16:10 thedalelakes

I'm willing to complete this issue myself and submit a PR for it. I just want to first make sure that this feature would actually be accepted by the Firebase / FlutterFire core maintainers, given the security implications.

thedalelakes avatar Oct 25 '23 16:10 thedalelakes

It's also useful for tests in CI.

xVemu avatar Mar 25 '24 10:03 xVemu

We really need this for debug tokens to be useful and maintainable. We're generating and updating our debug tokens via Terraform, but currently we can't use these in the Flutter apps as there is no method to supply our own token.

@thedalelakes did you ever get to work on a PR for this?

josh-burton avatar Apr 11 '24 02:04 josh-burton

@josh-burton unfortunately I don't have the time to work on this at the moment. I ended up just turning off App Check enforcement in my dev environment.

thedalelakes avatar Apr 18 '24 15:04 thedalelakes

I think on iOS you can use point 4 from the guideline.

xVemu avatar Apr 19 '24 10:04 xVemu

Since the PR (#13101) hasn't been maintained for a long time, I've created a PR (#16942) to support debug tokens. It works on iOS and Android platforms. Please feel free to go ahead and test it out. I'm waiting for the team to review it.

furkankurt avatar Jan 10 '25 11:01 furkankurt