Reputation: 1462
Why Firebase App Check fails in app release but not in debugging mode?
I have a React-Native app and I am using the firebase SDK for React-Native. I have just implemented App-Check for my app and it works fine in debugging mode, but it fails in Release. Here is the code for app-check in index.js which is triggered as soon as app is initialized:
try {
firebase.appCheck().setTokenAutoRefreshEnabled(true);
firebase.appCheck().activate('ignored', true);
firebase.appCheck().getToken(true).then(res => {
GLOBAL.app_check = JSON.stringify(res.token);
console.log("app check success, appchecktoken: " + JSON.stringify(res.token));
}).catch((error) => {
GLOBAL.app_check = '';
console.error("app check failed: " + error);
alert('App check failed: ' + JSON.stringify(error));
return;
});
} catch (e) {
console.log("Failed to initialize appCheck:", e);
logErrors('appCheck failed: ', e);
}
as you can see above, I am using alert to print the error message but here it what it prints:
**App check failed: {} **
.. object is empty. How can I check what's wrong with it? I am using Play Integrity and SafetyNet and I have added the SHA-252 which I got by using Gradle's Signing Report via the following command:
gradlew signingReport
What am I doing wrong here?
Upvotes: 1
Views: 1051
Answers (2)
Reputation: 1
Just add all the keys that have been a part of your app bundle.
For eg, when uploading app bundle on play store, there will be 4 different SHA-256 keys involved which are
- debug SHA-256 (obtained from signingReport via Gradle)
- release SHA-256 (obtained from signingReport via Gradle)
- play store's latest SHA-256 (obtained from APP SIGNING page on your developer play console)
- play store's legacy SHA-256 (obtained from APP SIGNING page on your developer play console)
Upvotes: 0
Reputation: 1592
You will need to get the SHA-256 for all signing keys used with your app. With debug keys, calling gradlew signingReport works as it goes to the default signing key location (~/.android/debug.keystore) and runs the java keytool against this keystore supplying the default alias (android) and password (android).
For your release keys, which are self generated, you would need to use the java keytool which can generally be found on your system path or within the jdk directory. If you need help setting up keytool, I would refer to this stackoverflow question. You could use any other variations of keytool that exist, but I would use the one that ships with the jdk as its generally trusted. The command you would then want to run using keytool would be:
keytool -list -v -alias ${alias_of_keystore} -keystore ${location_of_keystore}
You would want to sub the alias and location with your own values. Using the default debug key values, the command would look something like this:
keytool -list -v -alias android -keystore ~/.android/debug.keystore
This video talks about all the different locations to grab the SHA-256. For instance, after you upload to the Google Play Store, if you opt into Google Play Signing (which I believe is the default) you will need to grab the SHA-256 from there as well. The rest of the video covers digital asset links and can be ignored.
Upvotes: 1
Related Questions
- Flutter - firebase_app_check not working in release mode, how fix it?
- Firebase App Check rejecting all requests from Android devices
- Unable to get AppCheck (Debug on Emulator) to work on a Flutter application
- FireFlutter: Enable App Check in debug mode
- How to configure app check for both release and debug on android?
- Using Firebase App Check is not working (debug)
- AppCheck fails on ios Simulator
- Failing to get debug app check token for iOS
- Firebase app check on iOS get crash on build
- Firebase Functions AppCheck keeps failing my device