flutterfire
flutterfire copied to clipboard
firebase
🐛 [App Check] Firebase App Check token is invalid.
Bug report
Describe the bug Followed all the instructions to setup App Check for my Flutter Android App and I receive an error all the time. The steps from the documentation apparently are simple. I think the documentation can be improved.
The problem happens trying to upload a file to Firebase Storage:
W/StorageUtil: Error getting App Check token; using placeholder token instead. Error: com.google.firebase.FirebaseException: Error returned from API. code: 403 body: App attestation failed.
E/StorageException: StorageException has occurred.
User is not authenticated, please authenticate using Firebase Authentication and try again.
Code: -13020 HttpResult: 401
E/StorageException: The server has terminated the upload session
java.io.IOException: The server has terminated the upload session
The rest of the stack:
Caused by: java.io.IOException: { "error": { "code": 401, "message": "Firebase App Check token is invalid." }}
at com.google.firebase.storage.network.NetworkRequest.parseResponse(NetworkRequest.java:445)
at com.google.firebase.storage.network.NetworkRequest.parseErrorResponse(NetworkRequest.java:462)
at com.google.firebase.storage.network.NetworkRequest.processResponseStream(NetworkRequest.java:453)
at com.google.firebase.storage.network.NetworkRequest.performRequest(NetworkRequest.java:272)
at com.google.firebase.storage.network.NetworkRequest.performRequest(NetworkRequest.java:289)
at com.google.firebase.storage.internal.ExponentialBackoffSender.sendWithExponentialBackoff(ExponentialBackoffSender.java:76)
at com.google.firebase.storage.internal.ExponentialBackoffSender.sendWithExponentialBackoff(ExponentialBackoffSender.java:68)
at com.google.firebase.storage.UploadTask.sendWithRetry(UploadTask.java:477)
at com.google.firebase.storage.UploadTask.beginResumableUpload(UploadTask.java:276)
at com.google.firebase.storage.UploadTask.run(UploadTask.java:224)
at com.google.firebase.storage.StorageTask.lambda$getRunnable$7$StorageTask(StorageTask.java:1072)
at com.google.firebase.storage.-$$Lambda$StorageTask$_IQT0HwL0SAn4-mUxblkILcDlBo.run(Unknown Source:2)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:919)
E/StorageException: StorageException has occurred.
User is not authenticated, please authenticate using Firebase Authentication and try again.
Code: -13020 HttpResult: 401
I
Steps to reproduce
Steps to reproduce the behavior:
Modified android/app/src/main/kotlin/com/fitwin/MainActivity.kt
package com.fitwin
import android.os.Bundle
import com.google.firebase.FirebaseApp
import com.google.firebase.appcheck.FirebaseAppCheck
import com.google.firebase.appcheck.debug.DebugAppCheckProviderFactory
import io.flutter.embedding.android.FlutterActivity
class MainActivity: FlutterActivity() {
override fun onCreate(savedInstanceState: Bundle?) {
FirebaseApp.initializeApp(/*context=*/ this);
val firebaseAppCheck = FirebaseAppCheck.getInstance()
firebaseAppCheck.installAppCheckProviderFactory(
DebugAppCheckProviderFactory.getInstance())
super.onCreate(savedInstanceState)
}
}
Modified android/app/build.gradle
dependencies {
implementation platform('com.google.firebase:firebase-bom:28.4.0')
implementation 'com.google.firebase:firebase-analytics'
implementation 'com.google.firebase:firebase-appcheck-debug:16.0.0-beta02'
implementation 'com.google.android.gms:play-services-auth:19.0.0'
}
apply plugin: 'com.google.gms.google-services'
Modified lib/main.dart:
void main() async {
//ensureInitialized
WidgetsFlutterBinding.ensureInitialized();
await Firebase.initializeApp();
await FirebaseAppCheck.instance.activate();
Copied App Check from the logs and assigned to Android App in Firebase/Project/App Check:
com.google.firebase.appcheck.debug.internal.DebugAppCheckProvider: Enter this debug secret into the allow list in the Firebase Console for your project: f0bf546e-407d-49f2-833a-b19d70789deb
I modified App Check to enforce Storage calls. The error is happening in the emulator
Expected behavior
No error
Flutter doctor
Run flutter doctor and paste the output below:
Click To Expand
[✓] Flutter (Channel stable, 2.2.3, on Mac OS X 10.15.4 19E266 darwin-x64, locale en-GB)
[✓] Android toolchain - develop for Android devices (Android SDK version 29.0.3)
[!] Xcode - develop for iOS and macOS
✗ Xcode 11.4.0 out of date (12.0.1 is recommended).
Download the latest version or update via the Mac App Store.
! CocoaPods 1.9.1 out of date (1.10.0 is recommended).
CocoaPods is used to retrieve the iOS and macOS platform side's plugin code that responds to your plugin usage on the Dart side.
Without CocoaPods, plugins will not work on iOS or macOS.
For more info, see https://flutter.dev/platform-plugins
To upgrade see https://guides.cocoapods.org/using/getting-started.html#installation for instructions.
[✓] Chrome - develop for the web
[!] Android Studio (version 2020.3)
✗ Unable to find bundled Java version.
[✓] IntelliJ IDEA Community Edition (version 2020.3.3)
[✓] Connected device (2 available)
Flutter dependencies
Run flutter pub deps -- --style=compact and paste the output below:
Click To Expand
PASTE OUTPUT INSIDE HERE
Not seeing this myself so labeling this based on the report.
I made this problem as in the flutterfire document, it's complete, it works for android on some physical devices, it doesn't work on some physical devices and emulators, it gives the same error. How can I turn off appcheck, by the cloud or using one of the minus versions of the library? I can't find a solution right now.
Perfect @gulmensedat. I have disabled appcheck when i work in develpment mode using the emulator. I am using Nexus 6 emulator.
I had a similar error
W/StorageUtil(14396): Error getting App Check token; using placeholder token instead. Error: com.google.firebase.FirebaseException: Too many attempts.
E/StorageException(14396): StorageException has occurred.
E/StorageException(14396): User is not authenticated, please authenticate using Firebase Authentication and try again.
E/StorageException(14396): Code: -13020 HttpResult: 401
E/StorageException(14396): The server has terminated the upload session
Will someone do something about this ? or will firebase storage never work with App Check ? I have the same problem...
Is there a way to disable AppCheck? Followed documentation of AppCheck (https://firebase.flutter.dev/docs/app-check/usage) for flutter android app. Still getting the below errors. It was working fine until I enabled AppCheck.
failed: Status{code=PERMISSION_DENIED, description=Missing or insufficient permissions., cause=null}
@SwatantraYadav You want to "disable AppCheck", but if you enabled it already, then you can of course disable it in the exact same way. In the Firebase Console of your project, in the App Check window, you'll see the products in which App Check is enforced, click on it and then "deactivate".
Does that answer your question?
Note that App Check is in beta, therefore there are a lot of vulnerabilities. For example I don't think it's working with Firebase Storage.
Finally, if you're getting a "PERMISSION_DENIED" error, then it's good practice to check your rules.
@CodoPixel Thanks I was able to disable AppCheck. Rules were fine, the error was misleading it seems. It should have said something like "App check blocking calls". Once I disabled the AppCheck everything started working fine.
@CodoPixel You can unenforce it but it still spams
W/NetworkRequest(23011): No App Check token for request.
W/NetworkRequest(23011): No App Check token for request.
W/NetworkRequest(23011): No App Check token for request.
W/NetworkRequest(23011): No App Check token for request.
W/NetworkRequest(23011): No App Check token for request.
Is there no way to remove the app check from the apps in firebase (Safetynet / captcha / etc)? Its really annoying and actually using app check just freezes the app for 10 seconds before launching (also doesnt work). Is there no way to actually disable app check and not just unenforce firebase products? Its incredibly annoying and hard to debug other things when appcheck is spamming the same line 20 times a second.
I have those annoying messages in the console too. I don't know a way to disable them, unfortunately.
Hey @cyberpwnn, those warning messages are coming from the firebase-android-sdk. I suggest you open an issue on their repository as it is not coming from FlutterFire which is a wrapper around the native SDK.
I was able to "fix" the described problem "error getting app check token" by adding the SafetyNet attestation provider. At first, I only had Play Integrity activated but according to this bug #9178, it doesn't seem to be initialized in code.
Now I can use Firestore and Storage with enforced App Check from a Flutter application running on my real device. The dashboard also shows verified requests.
I was able to "fix" the described problem "error getting app check token" by adding the SafetyNet attestation provider. At first, I only had Play Integrity activated but according to this bug #9178, it doesn't seem to be initialized in code.
Now I can use Firestore and Storage with enforced App Check from a Flutter application running on my real device. The dashboard also shows verified requests.
Could you show some code?
You do all the attestation provider stuff in Firebase, there are no code changes involved. Just copy your Play Integrity fingerprint to SafetyNet and save. That's all I did and then, it worked.
I enabled AppCheck, then I disabled it.
Now I cannot upload to Firebase Storage. Now I get this warning: "No App Check token for request."
Please follow the latest documentation for implementing App Check here. If you're receiving this exception, it is a problem with your setup at this point.