I have recently added Firebase App Check in my Flutter app.
I am calling Cloud functions with the https.onCall() method. However i am receiving this error :
> {"severity":"WARNING","message":"Failed to validate AppCheck token. FirebaseAppCheckError: Decoding App Check token failed. Make sure you passed the entire string JWT which represents the Firebase App Check token.
at FirebaseAppCheckError.FirebaseError [as constructor] (/Users/foxtom/Desktop/Cloud Functions/functions/node_modules/firebase-admin/lib/utils/error.js:44:28)
at FirebaseAppCheckError.PrefixedFirebaseError [as constructor] (/Users/foxtom/Desktop/Cloud Functions/functions/node_modules/firebase-admin/lib/utils/error.js:90:28)
at new FirebaseAppCheckError (/Users/foxtom/Desktop/Cloud Functions/functions/node_modules/firebase-admin/lib/app-check/app-check-api-client-internal.js:187:28)
at /Users/foxtom/Desktop/Cloud Functions/functions/node_modules/firebase-admin/lib/app-check/token-verifier.js:82:19
at processTicksAndRejections (node:internal/process/task_queues:96:5) {
errorInfo: {
code: 'app-check/invalid-argument',
message: 'Decoding App Check token failed. Make sure you passed the entire string JWT which represents the Firebase App Check token.'
},
codePrefix: 'app-check'
}"}
> {"verifications":{"app":"INVALID","auth":"MISSING"},"logging.googleapis.com/labels":{"firebase-log-type":"callable-request-verification"},"severity":"WARNING","message":"Callable request verification failed: AppCheck token was rejected."}
The severity seems to be WARNING only but it doesn't execute the function. My function only contains a console.log()
In my app i have this error :
W/FirebaseContextProvider( 6788): Error getting App Check token; using placeholder token instead. Error: com.google.firebase.FirebaseException: Error returned from API. code: 403 body: App attestation failed.
I/flutter ( 6788): Error is : [firebase_functions/unauthenticated] Unauthenticated
I have not enforced anything like suggested in the documentation
This is preventing me from using Cloud Functions and i can disable App Check for my app anymore...
EDIT :
I add that Firebase Storage and RealTime Database are working fine without any debug AppCheck token when it's not enforced.
What can I do ?
I created a reproducible code sample, which you see here: https://github.com/nilsreichardt/playground/tree/firebase-app-check-cloud-function-unauthenticated-issue/firebase-app-check-cloud-functions-unauthentificated
Therefore, I created a detailed issue in the FlutterFire repository: https://github.com/FirebaseExtended/flutterfire/issues/6794
A first workaround already posted as a comment and I'm sure that more workarounds or solutions will follow.
Firebaser here.
Thank you for reporting this issue -- we have now released a fix to all platforms that should resolve this issue. Please refer to the Github issue for full details.
Related
I am trying to connect to firestore from a Nuxt3 app. But on the server side rendering it throws this error:
error [FirebaseError: Failed to get document because the client is offline.] {
code: 'unavailable',
customData: undefined,
toString: [Function (anonymous)]
}
Any idea why this happens? How I can fix it?
You can activate online persistence, by following the instructions https://firebase.google.com/docs/firestore/manage-data/enable-offline#web-version-9 choose the version correctly. This seems to be an error with the SDK -> Firebase Cloud Firestore throws "client is offline"
I am struggling to connect to the emulated Firebase Auth service via the Firebase Admin SDK. I cut down the code to really make the problem stand out, and hope someone can help.
This is the code of the test.js I run (in NodeJS):
// Someone said these two lines should allow the firebase-admin
// SDK to connect to the emulators, but... no.
process.env['GCLOUD_PROJECT'] = 'my-firebase-project-id'
process.env['FIRESTORE_EMULATOR_HOST'] = 'localhost:8080'
const admin = require('firebase-admin')
const app = admin.initializeApp()
const auth = app.auth()
console.log('I have an auth service object')
auth.listUsers().then(users => console.log(users))
I run the emulators like this:
firebase emulators:start --only auth
When I run the test.js file, I get this:
PS C:\...\functions> node .\test.js
I have an auth service object
(node:18232) UnhandledPromiseRejectionWarning: Error: Credential implementation provided to initializeApp() via the "credential" property failed to fetch a valid Google OAuth2 access token with the following error: "Error fetching access token: Error while making request: getaddrinfo EAI_AGAIN metadata.google.internal. Error code: EAI_AGAIN".
at FirebaseAppError.FirebaseError [as constructor] (C:\...\functions\node_modules\firebase-admin\lib\utils\error.js:44:28)
at FirebaseAppError.PrefixedFirebaseError [as constructor] (C:\...\functions\node_modules\firebase-admin\lib\utils\error.js:90:28)
at new FirebaseAppError (C:\...\functions\node_modules\firebase-admin\lib\utils\error.js:125:28)
at C:\...\functions\node_modules\firebase-admin\lib\app\firebase-app.js:87:19
at processTicksAndRejections (internal/process/task_queues.js:97:5)
I run this on Windows with the following versions of firebase:
"firebase-admin": "^10.0.2",
"firebase-functions": "^3.18.1",
I read about getting a secret credentials key and adding its path like this:
process.env['GOOGLE_APPLICATION_CREDENTIALS'] = 'C:\\...\\functions\\.runtimekey.json'
And that 'works' in as much as I then can access the real cloud auth instance (as long as the emulators is off) but that isn't what I want. I want to connect firebase-admin and get a list of users in the emulated Auth instance.
Many thanks for any help you can offer!
Set the environment variable FIREBASE_AUTH_EMULATOR_HOST
export FIREBASE_AUTH_EMULATOR_HOST=localhost:9099
Do not include the protocol scheme (i.e http/https)
Or in your case:
process.env['FIREBASE_AUTH_EMULATOR_HOST'] = 'localhost:9099'
Then you can initialise the app as per normal
admin.initializeApp()
Worked for me (after I finally figured out not to include the protocol scheme)
source: https://firebase.google.com/docs/emulator-suite/connect_auth#admin_sdks
Without having changed anything in my Firebase callable functions code, but having re-deployed them, now they suddenly start rejecting all function invocations from my app with the error shown below. I would like NOT to use App Check until I am ready to make the changes needed. How do I stop my callable (https.onCall) Firebase functions from rejecting invalid App Checks, and instead only reject invalid Authentication?
Failed to validate AppCheck token. FirebaseAppCheckError: Decoding App Check token failed. Make sure you passed the entire string JWT which represents the Firebase App Check token.
at FirebaseAppCheckError.FirebaseError [as constructor] (/workspace/node_modules/firebase-admin/lib/utils/error.js:44:28)
at FirebaseAppCheckError.PrefixedFirebaseError [as constructor] (/workspace/node_modules/firebase-admin/lib/utils/error.js:90:28)
at new FirebaseAppCheckError (/workspace/node_modules/firebase-admin/lib/app-check/app-check-api-client-internal.js:187:28)
at /workspace/node_modules/firebase-admin/lib/app-check/token-verifier.js:82:19
at processTicksAndRejections (internal/process/task_queues.js:97:5) {
errorInfo: {
code: 'app-check/invalid-argument',
message: 'Decoding App Check token failed. Make sure you passed the entire string JWT which represents the Firebase App Check token.'
},
codePrefix: 'app-check'
}
Callable request verification failed: AppCheck token was rejected. {"verifications":{"app":"INVALID","auth":"VALID"}}
The code rejecting all requests due to invalid App Check is super simple:
const functions = require("firebase-functions");
const admin = require("firebase-admin");
admin.initializeApp();
exports.example = functions.https.onCall((data, context) => {
return "test";
}
Package.json:
"engines": {
"node": "12"
},
"main": "index.js",
"dependencies": {
"firebase-admin": "^9.10.0",
"firebase-functions": "^3.14.1"
},
I had the same experience. The docs say that you are supposed to check like this[1]:
if (context.app == undefined) {
throw new functions.https.HttpsError(
'failed-precondition',
'The function must be called from an App Check verified app.')
}
But, this is not the case in my experience, the App Check starts to be enforced immediately the moment you add App Check to your app.
EDIT:
moreover, even without doing any check in my code, I can see this in the logs whenever I call one of my functions:
Callable request verification passed {"verifications":{"auth":"VALID","app":"VALID"}}
So it seems App Check happens automatically, at least in Callable Functions. If you want to bypass AppCheck in one of your functions, you might want to try an HTTP function instead (not Callable).
[1] Source https://firebase.google.com/docs/app-check/cloud-functions
From protocol specification for https.onCall:
Optional [Header]: X-Firebase-AppCheck: The Firebase App Check token provided by the client app making the request. The backend automatically verifies this token and decodes it, injecting the appId in the handler's context. If the token cannot be verified, the request is rejected. (Available for SDK >=3.14.0)
My guess is that calls to your callable function contains an invalid App Check token.
If you haven't configured DeviceCheck or/and App Attest attestation providers on your project but have included the App Check library on your client, your client code may be including a dummy App Check token when calling your function (full details on this github issue).
Firebase team is working through changes to make the experience less confusing. Please follow along in http://github.com/firebase/firebase-functions/issues/967 and https://github.com/FirebaseExtended/flutterfire/issues/6794 for status.
My problem is the same when I run the app on an emulator, after running on a real device is running without any problems. That's what happens to me.
When I do a auth call using email, the function returns successful including the data expected, however leaves this console.error from shared.js (I assuming this is a Firebase file).
TypeError: undefined is not an object (evaluating 'b.currentSelfServiceAppID.signUpAppId')
I am using version "firebase": "^6.6.1", and added the email I am using to auth my app via the Firebase console. The email has not been verified.
Is this error expected when the email has not been verified? Or is there another set up error I have missed?
I have found where this error is coming from. I have an Okta extension installed on my browser, and this is causing the error. It has nothing to do with Firebase, it's a bug with the extension.
In response to the following Firebase Objective-C/Xcode code:
Firebase *myRootRef = [[Firebase alloc] initWithUrl:#"https://home.FirebaseTest.firebaseio.com"];
note: home.FirebaseTest is my Firebase app name (see link below)
https://www.firebase.com/docs/ios/quickstart.html
I receive the following exception/error:
Terminating app due to uncaught exception 'No Firebase namespace
specified.', reason: 'No Firebase namespace found for input: '
How can I resolve this problem?
I'm pretty sure that your problem relies on your URL.
Didn't get how you named your project home.FirebaseTest and what this home. stands for.
But you can get the proper url going to firebase console and on "Database" tab you should be able to see your firebaseio.com url.
For example in an app called "myfirebasetest" it would be
https://myfirebasetest.firebaseio.com
On legacy UI it is the url you use to access the console.