Reputation: 1917
Firebase has recently introduced App Check. To protect non-Firebase backends, Firebase has introduced getAppCheckToken. Previously we were using getIdToken to verify the user.
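// currentUser is null when nobody is signed in, hence the safe calls
FirebaseAuth.getInstance().currentUser?.getIdToken(true)?.addOnSuccessListener {
    Log.d("tag", it.token.orEmpty()) // token #1
}
FirebaseAppCheck.getInstance()
    .getAppCheckToken(false)
    .addOnSuccessListener { tokenResponse ->
        // tokenResponse is an AppCheckToken; the string to send is its token property
        Log.d("tag", tokenResponse.token) // token #2
    }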
What's the difference between these two tokens? How can getAppCheckToken improve the security of a non-Firebase backend?
Upvotes: 1
Views: 334
Reputation: 1261
Basically the difference between getIdToken and getAppCheckToken is:
FirebaseAuth.getInstance().currentUser.getIdToken(true){}
Fetches a Firebase Auth ID token for the user; useful when authenticating against your own backend. If forceRefresh == true, an exception is thrown if the current user's account has been disabled, deleted, or its credentials are no longer valid.
FirebaseAppCheck.getInstance().getAppCheckToken(true){}
Requests a Firebase App Check token. This method should be used ONLY if you need to authorize requests to a non-Firebase backend. Requests to Firebase backends are authorized automatically if configured.
Upvotes: 1
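What the two tokens mean to a non-Firebase backend, as an added example (not code from either post or from Firebase): a Node.js gate that requires a valid App Check token in the `X-Firebase-AppCheck` header, which attests the calling app, and a valid ID token as the bearer credential, which identifies the user. The project ID and number, app ID, uid and the locally generated key pairs are constructed; a real backend would verify with the Firebase Admin SDK or the issuers' published public keys.

```javascript
const crypto = require('crypto');
const PROJECT_ID = 'demo-project', PROJECT_NUMBER = '123456789012'; // constructed placeholders
const APP_ISS = `https://firebaseappcheck.googleapis.com/${PROJECT_NUMBER}`;
const APP_AUD = `projects/${PROJECT_NUMBER}`;
const USER_ISS = `https://securetoken.google.com/${PROJECT_ID}`;
const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
const dec = (s) => JSON.parse(Buffer.from(s, 'base64url').toString());

// Demo helper: mint a token locally; real tokens come from the Firebase client SDKs.
function signJwt(claims, privateKey) {
  const input = `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}`;
  return `${input}.${crypto.sign('sha256', Buffer.from(input), privateKey).toString('base64url')}`;
}

// Check algorithm, signature, issuer, audience and expiry; return the claims.
function verifyJwt(token, publicKey, { iss, aud }) {
  const [h, p, s] = String(token).split('.');
  if (!h || !p || !s) throw new Error('malformed token');
  if (dec(h).alg !== 'RS256') throw new Error('unexpected alg');
  const sig = Buffer.from(s, 'base64url');
  if (!crypto.verify('sha256', Buffer.from(`${h}.${p}`), publicKey, sig)) throw new Error('bad signature');
  const claims = dec(p);
  if (claims.iss !== iss || ![].concat(claims.aud).includes(aud)) throw new Error('wrong issuer or audience');
  if (!(claims.exp > Date.now() / 1000)) throw new Error('expired');
  return claims;
}

// Backend gate: the App Check token attests the app, the ID token identifies the user.
function authorize(headers, keys) {
  const app = verifyJwt(headers['x-firebase-appcheck'], keys.appCheck, { iss: APP_ISS, aud: APP_AUD });
  const bearer = (headers.authorization || '').replace(/^Bearer /, '');
  const user = verifyJwt(bearer, keys.auth, { iss: USER_ISS, aud: PROJECT_ID });
  return { appId: app.sub, uid: user.sub };
}

// Constructed demo: local key pairs stand in for the issuers' published public keys.
function demo() {
  const [ac, au] = [0, 1].map(() => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }));
  const keys = { appCheck: ac.publicKey, auth: au.publicKey };
  const exp = Math.floor(Date.now() / 1000) + 3600;
  const appTok = signJwt({ iss: APP_ISS, aud: [APP_AUD], sub: '1:123456789012:android:0a1b2c', exp }, ac.privateKey);
  const idTok = signJwt({ iss: USER_ISS, aud: PROJECT_ID, sub: 'uid-alice', exp }, au.privateKey);
  const attempt = (h) => { try { return authorize(h, keys); } catch (e) { return e.message; } };
  return {
    both: attempt({ 'x-firebase-appcheck': appTok, authorization: `Bearer ${idTok}` }),
    idTokenOnly: attempt({ authorization: `Bearer ${idTok}` }),
    idTokenAsAppCheck: attempt({ 'x-firebase-appcheck': idTok, authorization: `Bearer ${idTok}` }),
  };
}
```

`demo()` shows that a request carrying only a valid ID token is rejected, and that an ID token cannot stand in for the App Check token because the two are signed by different issuers.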