2

I'm closely following app check documentation in order to use debug token, however instead of seeing it logged out in the console I see following error (when running in debug simulator from xcode)

EDIT: Everything works as expected in testflight / real device build

EDIT 2: Created related github issue

[Firebase/AppCheck][I-FAA004002] Failed to exchange debug token to app check token: Error Domain=com.firebase.appCheck Code=0 "The server responded with an error: 
 - URL: https://firebaseappcheck.googleapis.com/v1beta/projects/[my-project-id]/apps/1:[sensitive-data]:ios:[sensitive-data]:exchangeDebugToken 
 - HTTP status code: 403 
 - Response body: {
  "error": {
    "code": 403,
    "message": "App attestation failed.",
    "status": "PERMISSION_DENIED"
  }
}

Thus far I've implemented following steps, but had no luck

  1. Enabled both attestation providers for my ios project (App Attest got enabled automatically when I added my team id) enter image description here
  1. Added FIRAppCheckDebugProviderFactory in my code i.e.
  #if DEBUG
    FIRAppCheckDebugProviderFactory *providerFactory = [[FIRAppCheckDebugProviderFactory alloc] init];
    [FIRAppCheck setAppCheckProviderFactory:providerFactory];
  #endif
  
  [FIRApp configure];
  1. Added -FIRDebugEnabled to my debug run launch arguments in schema enter image description here
  1. Added AppCheck capability to my target and set .entitlements App Attest environment to production enter image description here
Ilja
  • 44,142
  • 92
  • 275
  • 498

2 Answers2

3

This was resolved upstream via addition to documentation https://github.com/firebase/firebase-ios-sdk/issues/9547#issuecomment-1097424478

In short

  1. The very first time app is installed / started it logs debug token
  2. Once debug token is logged it should be added in firebase dashboard
  3. After this all subsequent launches of the app reuse debug token that was logged initially
  4. If initial token was not added to firebase console a 403 error will be thrown as app is using unverified token
Ilja
  • 44,142
  • 92
  • 275
  • 498
  • 4
    What should I do if I don't see the debug token after running "flutter run" for iOS from the console? Maybe I missed it the first time. Can I show the debug token again later? – lukassteiner Nov 06 '22 at 06:57
1

You must also enable Manage Debug Tokens , this link and pic can help you:

https://firebase.google.com/docs/app-check/ios/debug-provider?authuser=0&hl=en

enter image description here

enter image description here

Maziar Saadatfar
  • 1,286
  • 1
  • 5
  • 11
  • 1
    Issue is that I never get the debug token that needs to be pasted into this view i.e. no "SDK log message" happens due to error above – Ilja Apr 07 '22 at 11:59
  • @Ilja maybe the link helps you: https://stackoverflow.com/questions/68299859/can-not-generate-a-debug-token-for-firebase-storage-with-app-check – Maziar Saadatfar Apr 07 '22 at 19:37
  • Tried re-downloading my info plist file (iOS), but there is no change there. Will keep trying. thank you for your suggestions by the way – Ilja Apr 08 '22 at 08:38