FlutterFlow / flutterflow-issues

A community issue tracker for FlutterFlow.
124 stars 23 forks source link

Firebase App Check Authentication enforce does not work #1287

Closed rafamessias closed 10 months ago

rafamessias commented 1 year ago

Has your issue been reported?

Current Behavior

After configuring Firebase App Check and enforce Authentication, it not possible to login and the App returns the following error on console log: Firebase App Check token in invalid.

error

Expected Behavior

Firebase App Check Authentication enforce should work fine like Firestore enforce.

Steps to Reproduce

  1. Have a FF App with Firebase Authentication
  2. Create two pages, one as Login Page and another as an Authenticated Page
  3. Configure Firestore App Check following the documentation
  4. Go to Firebase console -> App check
  5. Click on Authentication -> Enforce button (as image below)
  6. Try to login into your App

Screenshot 2023-08-10 084416

Reproducible from Blank

Bug Report Code (Required)

IT4sifLcw5d2xdtJ0K6JK+5r/SYQG248aoIkscsZa0kdB4joPLJ+Oszsak5pTsTgSkNhHFmJgmAy+d7XiuDiFe0CISqdR759yc5+EAvve3q8R4SIPc2SVkd8M/5MIFS41J6r2RJdJfhhdGA82zmHOOuifHbrN5O/Zwh9f6PHaOI=

Context

When Firebase App Check Authentication enforce is enabled, it is unable to login into the App.

Visual documentation

If you try to login into the App the following error will occur: error

Additional Info

No response

Environment

- FlutterFlow version: 3.10.4
- Platform: Web
- Browser name and version: 115.0.5790.171
- Operating system and version affected: Windows 11
SameerShahzad99 commented 1 year ago

@rafamessias Thank you so much for submitting this bug, I was able to reproduce this bug on a local project Bug Report code: IT4ol8j6y5VNsdta1c7qdcAxnSQ7Q2J/aLs808pBZywgfZzzBLN/fPfQP0loTselSmNEPVmcp14z0+DSkYaeVPcEaBKZRt1I+Kt6EQ2XXj6QabmTF7qCQXwnBp9MJ2qny6azgAhBIrJfWmQb2Ey2H++/QgnrJYSzPGo4Sq/LZO4=

katherineqian commented 1 year ago

Hi @rafamessias, I wanted to apologize for the extremely delayed response on this issue. I appreciate all of the details that you gave to help resolve the bug. I was not active on maintenance and I'm sorry that I let this fall through the cracks like this. I wanted to provide you with an ETA on when this would be addressed - it should likely be fixed on the second release from now (aka in the release after next), if not the next one after that. I will provide an update here if it turns out this isn't a bug, but based on the report, I believe I should be able to find a fix for this. I'm sorry again for the delay.

Edit (update): Encountered difficulties reproducing this issue on a new setup; asked for further detail.

gurpalc commented 11 months ago

Hello, I'm adding a comment here to add that I am experiencing this issue as well. I have signed up for recaptcha, entered the required information, and when I enable app check for my web application, it does not work. Is this a bug that has been resolved? I'm working with flutterflow support on this and no other solutions have been found yet. Thank you

jeffersonGlemos commented 11 months ago

Hello. I have this same issue right now any update about this?

devjoter commented 11 months ago

Pleas keep this issue of high importance as App Check is vast security layer for firebase. In fact there are issues with Web implementation for me as well.

katherineqian commented 11 months ago

Hi @gurpalc, @jeffersonGlemos, @devjoter - thank you for adding your reports to this. Can you please confirm some details for me?

  1. Whether the bug is occurring in production or only in debug mode.
  2. Which platform you are receiving this exception on (so far it appears the reports are for Web only).
  3. Whether Firebase Storage is enabled for the project you are trying to use App Check on. Thank you!
katherineqian commented 11 months ago

Can you also please try the debugging steps from #1080?

Sorry for the slow reply.

I'm unable to reproduce the issue: it works fine for me when I set the "Run/Test Mode Debug Token". The reCAPTCHA token is not required for Test Mode.

Please try the following steps and let me know the results:

  • Make sure "Run/Test Mode Debug Token" is set.
  • Regenerate Firebase config files, regenerate the debug token in Firebase console, update the token in FlutterFlow, start new Test Mode session.
  • Check your browser console. Does it print a message like this? App Check debug token: <...>. You will need to add it to your app's App Check settings in the Firebase console for it to work. Is this your token?

@anorld-droid What's in the "Request" tab and what's in the "Response" tab?

jeffersonGlemos commented 11 months ago

Hi @gurpalc, @jeffersonGlemos, @devjoter - thank you for adding your reports to this. Can you please confirm some details for me?

  1. Whether the bug is occurring in production or only in debug mode.
  2. Which platform you are receiving this exception on (so far it appears the reports are for Web only).
  3. Whether Firebase Storage is enabled for the project you are trying to use App Check on. Thank you!

Hi, lets go!.

1 - in All, but only for web 2 - Yes just for web 3 - Yes, is active!

gurpalc commented 11 months ago
  1. Whether the bug is occurring in production or only in debug mode.
  2. Which platform you are receiving this exception on (so far it appears the reports are for Web only).
  3. Whether Firebase Storage is enabled for the project you are trying to use App Check on. Thank you!
  1. It is occurring in both production and debug mode
  2. Web version
  3. Firebase storage is currently enabled
gurpalc commented 11 months ago

Can you also please try the debugging steps from #1080?

Sorry for the slow reply. I'm unable to reproduce the issue: it works fine for me when I set the "Run/Test Mode Debug Token". The reCAPTCHA token is not required for Test Mode. Please try the following steps and let me know the results:

  • Make sure "Run/Test Mode Debug Token" is set.
  • Regenerate Firebase config files, regenerate the debug token in Firebase console, update the token in FlutterFlow, start new Test Mode session.
  • Check your browser console. Does it print a message like this? App Check debug token: <...>. You will need to add it to your app's App Check settings in the Firebase console for it to work. Is this your token?

@anorld-droid What's in the "Request" tab and what's in the "Response" tab?

Hello, I have uploaded screenshots from my developer that he says answers that question. Is this helpful or is further information needed? Thank you

screenshot 3 screenshot 2 screenshot 1

aemelyanovff commented 10 months ago

I can reproduce the issue. It looks like the problem is that FlutterFlow is using an outdated version of firebase_app_check.

aemelyanovff commented 10 months ago

Fixed in the last update.

DentalRx commented 10 months ago

App Check is still not functional on web for me. Can we confirm that this issue is fixed?

aemelyanovff commented 10 months ago

App Check is still not functional on web for me. Can we confirm that this issue is fixed?

Is the error exactly the same as in the issue description?

DentalRx commented 10 months ago

App Check is still not functional on web for me. Can we confirm that this issue is fixed?

Is the error exactly the same as in the issue description?

Current Behavior After configuring Firebase App Check and enforce Authentication, it not possible to login and the App returns the following error on console log: Firebase App Check token in invalid.

image

gurpalc commented 10 months ago

App Check is still not functional on web for me. Can we confirm that this issue is fixed?

Is the error exactly the same as in the issue description?

Hi I can confirm it is having the same error for me, it just says "Error: Error" in a snackbar, just like last time.

pedrohssales commented 10 months ago

'm using reCaptcha Enterprise. I followed all the FlutterFlow documentation to deploy, but I keep getting an eternal loading screen for my app: sispcad.flutterflow.app

When checking the console, there is visibly an error. I don't know how to interpret it for sure.

This looks like a FlutterFlow bug to me.

image image

These are the metrics I'm getting from app check requests, from firestore, after implementing App Check: image

pedrohssales commented 10 months ago

I received a response from the firebase support team. The answer indicates that my suspicion was correct. Flutterflow is trying to create a token with reCaptcha V3, not reCaptcha Enterprise, resulting in a bug.

screenshot

DentalRx commented 10 months ago

I received a response from the firebase support team. The answer indicates that my suspicion was correct. Flutterflow is trying to create a token with reCaptcha V3, not reCaptcha Enterprise, resulting in a bug.

screenshot

In the documentation they use reCaptcha enterprise... this is good to know though. Thank you.

FlutterFlow team: are we to assume there is no support coming for enterprise? Or should we hold tight?

aemelyanovff commented 9 months ago

Hi all:

pedrohssales commented 9 months ago

Hi all:

  • reCaptcha Enterprise is not supported by FlutterFlow yet, but we'll add it in the next update. Until then, please use reCaptcha v3.
  • Make sure your web app's URL is allow-listed in reCaptcha.
  • Try re-publishing your web app. We recently upgraded our AppCheck dependencies.
  • If the issue persists, please reach out to Support.

Hello, aemelyanovff.

Alright, I understand there is no support currently. But I believe, then, that there is an error in the flutterflow documentation. There is mention of reCaptcha Enterprise as compatible. But thank you very much for the feedback, I will wait for the next update