App Check debug token expires after one hour, making the app unusable #14743
Comments
|
I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight. |
|
Hi @ulian-onua , I so far have been unable to reproduce this in an app using App Check and Auth. The sample app I'm using is here: main...nc/14743. Are you able to reproduce the issue with my sample app or notice any key differences? To use the sample app:
|
|
@ncooke3 I noticed that your example project includes a func requestDebugToken() {
guard let firebaseApp = FirebaseApp.app() else {
return
}
if let debugProvider = AppCheckDebugProvider(app: firebaseApp) {
print("Debug token: \(debugProvider.currentDebugToken())")
debugProvider.getToken { token, error in
if let token {
print("Debug FAC token: \(token.token), expiration date: \(token.expirationDate)")
}
if let error {
print("Debug error: \(error)")
}
}
}
}We don’t have such a method in our real app. We simply set the following code and assume that token refreshing is handled automatically: let providerFactory = AppCheckDebugProviderFactory()
AppCheck.setAppCheckProviderFactory(providerFactory)Should we be calling a method similar to I couldn’t find any clear information about this in the official documentation. Thank you in advance. |
|
@ncooke3 If the app remains open, it works well the whole time. However, if the app is closed and I open it, for example, a day later, the issue I previously reported can still occur. So here is my general question again: I couldn’t find any guidance in the official Firebase iOS documentation. I appreciate any help you can provide. |
Hi @ulian-onua, manually calling it should be unnecessary. The SDK should refresh it automatically. |
|
@ulian-onua, were you able to reproduce the issue in the sample app? It does call |
|
@ncooke3 thank you for your answers. The sample app seems to work well. I wasn’t able to reproduce the issue in it, but I also didn’t include any Firestore calls or listeners, for example. In our case, we are listening to a - (id<FIRListenerRegistration>)addSnapshotListener:
(void (^)(FIRDocumentSnapshot *_Nullable snapshot, NSError *_Nullable error))listener
NS_SWIFT_NAME(addSnapshotListener(_:));The issue typically occurs about an hour into using the app in a debug environment. The It can also happen after relaunching the app a few hours later, even if it was working normally before being closed. We’ve noticed that manually refreshing the token using the method from your sample code improves stability. However, the issue still occurs in certain cases, such as after relaunching the app following an extended period of inactivity. At this point, we're unsure about the root cause or what might be triggering the problem. This issue did not occur until we enabled App Check for our app. |
|
Thanks, @ulian-onua. Are you able to provide a very minimal app that reproduces the issue, or perhaps modify the sample app to do so? |
|
@ncooke3, we will try to prepare and provide it soon. Also, I would like to add here that we can see a certain percentage of "Unverified requests" on the Firestore Console. It happens not only for the Dev version but also for Beta (where the prod environment is used). I'm not sure if it is related to this issue but decided to let you know about it (as I think it can be related). I opened a corresponding issue on StackOverflow: https://stackoverflow.com/questions/79600010/firebase-app-check-unverified-requests-on-ios-1-10
|
|
@ulian-onua , when you encounter failures, are they happening when the app is in the foreground or background? If the issues are related, I'm thinking that once the App Check bug occurs, subsequent storage requests are made and are counted as unverified. Does this make sense in the context of how your app operates? Does it make sense that only storage would have a significant amount of unverified requests? |
Description
We’ve set up App Check in our app, but we’re experiencing issues with it in Debug mode.
The problem is that after launching, the app works for about an hour (the token expiration time), and then Firebase calls start returning code == 403.
We’ve configured AppCheckDebugProviderFactory and provided the FIRAAppCheckDebugToken, which is registered in the Firebase Console, in our Xcode scheme (as described here: https://firebase.google.com/docs/app-check/ios/debug-provider).
It seems that the app uses the debug token initially, but after an hour the token expires, and the system attempts to refresh it but fails.
To resolve this, we need to connect the device to Xcode and run the app through the debugger, or run the app on a simulator with the debugger attached. Sometimes even that doesn’t help — we have to delete and reinstall the app to make it work again.
Is there a way to resolve this issue and ensure stable functionality on a simulator or test device in Debug mode, without needing to connect the app to the debugger or reinstall it every hour?
Thank you for the help in advance.
Reproducing the issue
Firebase SDK Version
11.10.0
Xcode Version
16.3
Installation Method
Swift Package Manager
Firebase Product(s)
App Check
Targeted Platforms
iOS
Relevant Log Output
If using Swift Package Manager, the project's Package.resolved
Expand
Package.resolvedsnippetReplace this line with the contents of your Package.resolved.If using CocoaPods, the project's Podfile.lock
Expand
Podfile.locksnippetReplace this line with the contents of your Podfile.lock!The text was updated successfully, but these errors were encountered: