🐛 [AppCheck] Support Standard Requests for Play Integrity API

Open dustin-graham opened this issue 8 months ago • 4 comments

Allow apps to make Play Integrity API Standard Requests (as opposed to the default Classic Requests)

The Play Integrity API documentation indicates that we should be using standard requests for the majority of our use cases. However, after an exhaustive search, I don't believe the Flutter firebase_app_check plugin supports this feature. Indeed, our Play Integrity quotas dashboard in Google Play indicates that all of our token requests are made using Classic Requests. The App Check plugin should support this feature.

dustin-graham Mar 13 '25 03:03

Hi there, after some investigation, the documents for native android-sdk do not have any mention of standard vs classic API and it seems to be something we don't have control over here as app-check natively is a wrapper around playIntegrity and FlutterFire is a wrapper around that. I would highly encourage you to report this issue on the native sdk here: https://github.com/firebase/firebase-android-sdk/issues

MichaelVerdon Mar 13 '25 15:03

This is the documentation I found on this: https://developer.android.com/google/play/integrity/standard

This documentation provides sample code implementation. Please review.

dustin-graham Mar 13 '25 18:03

Hi there, I have come across this documentation during my initial investigation but it unfortunately is not direct proof that it is supported by Firebase (here: https://firebase.google.com/docs/reference/kotlin/com/google/firebase/appcheck/FirebaseAppCheck). If this is something that the native-sdk has support for we will gladly implement it to FlutterFire too but I have been unable to find proof which makes me think the native-sdk only supports Classic API requests. I think this is a very valid feature request but for us to be able to implement it, the native-sdk also needs to support it hence why I will be keeping this ticket open. So when eventually native-sdk adds support for it we can too.

MichaelVerdon Mar 14 '25 12:03

I understand now. Thanks for the explanation. I appreciate the kind follow up.

dustin-graham Mar 14 '25 14:03