firebase / flutterfire

🔥 A collection of Firebase plugins for Flutter apps.
https://firebase.google.com/docs/flutter/setup
BSD 3-Clause "New" or "Revised" License
8.74k stars 3.98k forks source link

🐛 [firebase_app_check] getToken() with App Attest as the provider results in unknown error for some users #10683

Open bcgreijnlautier opened 1 year ago

bcgreijnlautier commented 1 year ago

Bug report

I have App Check setup to use the App Attest provider in my app. After releasing this version to the App Store, I'm seeing quite a few App Attest errors in Google Cloud:

Screen Shot 2023-03-28 at 4 26 15 PM

The biggest point of failure is ExchangeAppAttestAttestation which has a failure rate of almost 25%. In Crashlytics, I'm seeing a number of App Check errors that I'm assuming are related: [firebase_app_check/unknown] The operation couldn’t be completed. (com.firebase.appCheck error 0.). Even though my personal device isn't throwing any App Check errors, I've seen a few errors from my peers' devices. All of the devices throwing errors are on at least iOS 15 and are not jailbroken, so App Attest should succeed on these.

I'm able to retrieve a valid token when using the debug provider. When running the app in debug mode on my own device and fetching a token using App Attest, I'm also receiving a valid token, so this is a difficult issue to debug.

Steps to reproduce

Steps to reproduce the behavior:

  1. Activate App Check with App Attest as the iOS provider
  2. Fetch an App Check token for every request
  3. Run the app on a variety of devices

Expected behavior

When using Device Check in previous releases, ExchangeDeviceCheckToken had a failure rate of only 0.12% across ~500,000 requests. I'd expect a similar result when using App Attest.

Sample project

await FirebaseAppCheck.instance.activate(
  appleProvider: 
      AppleProvider.appAttestWithDeviceCheckFallback,
);
await FirebaseAppCheck.instance.setTokenAutoRefreshEnabled(true);
await FirebaseAppCheck.instance.getToken();

Additional context

Add any other context about the problem here.


Flutter doctor

Run flutter doctor and paste the output below:

Click To Expand ``` [✓] Flutter (Channel stable, 3.0.2, on macOS 12.6.3 21G419 darwin-arm, locale en-US) [✓] Android toolchain - develop for Android devices (Android SDK version 32.1.0-rc1) [✓] Xcode - develop for iOS and macOS (Xcode 14.2) [✓] Chrome - develop for the web [✓] Android Studio (version 2022.1) [✓] VS Code (version 1.76.2) [✓] Connected device (4 available) [✓] HTTP Host Availability ```

Flutter dependencies

Run flutter pub deps -- --style=compact and paste the output below:

Click To Expand ``` Dart SDK 2.17.3 Flutter SDK 3.0.2 mobile_wallet 1.3.0 dependencies: - android_intent_plus 3.1.6 [flutter platform meta] - another_flushbar 1.12.29 [flutter] - app_links 3.4.1 [flutter app_links_platform_interface flutter_web_plugins] - argon2 1.0.1 [pointycastle hex] - auto_size_text_field 2.1.0 [flutter] - background_fetch 1.1.0 [flutter] - bech32 0.2.1 [convert] - bs58 1.0.2 [base_x] - cached_network_image 3.2.1 [flutter flutter_cache_manager octo_image cached_network_image_platform_interface cached_network_image_web] - clock 1.1.0 - connectivity_plus 2.2.1 [flutter connectivity_plus_platform_interface connectivity_plus_linux connectivity_plus_macos connectivity_plus_web connectivity_plus_windows] - contacts_service 0.6.3 [flutter collection quiver] - credit_card_type_detector 2.0.0 - crypto 3.0.1 [collection typed_data] - cryptography 2.0.5 [collection crypto fixnum js meta typed_data] - csv 5.0.1 - dargon2 3.2.1 [dargon2_core] - decimal 1.5.0 [rational] - dio 4.0.6 [http_parser path] - dio_logger 4.0.8+8 [dio] - dots_indicator 2.1.0 [flutter] - encrypt 5.0.1 [args asn1lib clock collection crypto pointycastle] - equatable 2.0.5 [collection meta] - ethereum_addresses 1.0.2 [convert pointycastle] - expandable_page_view 1.0.10 [flutter] - firebase_analytics 10.1.0 [firebase_analytics_platform_interface firebase_analytics_web firebase_core firebase_core_platform_interface flutter] - firebase_app_check 0.1.1+13 [firebase_app_check_platform_interface firebase_app_check_web firebase_core firebase_core_platform_interface flutter] - firebase_core 2.7.1 [firebase_core_platform_interface firebase_core_web flutter meta] - firebase_crashlytics 3.0.9 [firebase_core firebase_core_platform_interface firebase_crashlytics_platform_interface flutter stack_trace] - firebase_dynamic_links 5.0.11 [firebase_core firebase_core_platform_interface firebase_dynamic_links_platform_interface flutter meta plugin_platform_interface] - firebase_installations 16.3.6 [flutter] - firebase_messaging 14.2.1 [firebase_core firebase_core_platform_interface firebase_messaging_platform_interface firebase_messaging_web flutter meta] - firebase_performance 0.9.0+9 [firebase_core firebase_core_platform_interface firebase_performance_platform_interface firebase_performance_web flutter] - firebase_remote_config 3.0.9 [firebase_core firebase_core_platform_interface firebase_remote_config_platform_interface firebase_remote_config_web flutter] - fixnum 1.0.1 - fk_user_agent 2.1.0 [flutter] - flip_card 0.7.0 [flutter] - flutter 0.0.0 [characters collection material_color_utilities meta vector_math sky_engine] - flutter_cache_manager 3.3.0 [clock collection file flutter http path path_provider pedantic rxdart sqflite uuid] - flutter_dotenv 5.0.2 [flutter] - flutter_google_places_sdk 0.3.2+5 [flutter flutter_google_places_sdk_platform_interface flutter_google_places_sdk_ios flutter_google_places_sdk_web flutter_google_places_sdk_android] - flutter_inappwebview 5.7.1+2 [flutter] - flutter_libphonenumber 1.3.0 [flutter] - flutter_local_notifications 9.6.1 [clock flutter flutter_local_notifications_linux flutter_local_notifications_platform_interface timezone] - flutter_localizations 0.0.0 [flutter intl characters clock collection material_color_utilities meta path vector_math] - flutter_phoenix 1.1.0 [flutter] - flutter_secure_storage 5.0.2 [meta flutter flutter_secure_storage_linux flutter_secure_storage_macos flutter_secure_storage_platform_interface flutter_secure_storage_web flutter_secure_storage_windows] - flutter_slidable 1.3.0 [flutter] - flutter_sms 2.3.3 [flutter flutter_web_plugins plugin_platform_interface url_launcher] - flutter_svg 1.1.6 [flutter meta path_drawing vector_math xml] - get 4.6.5 [flutter] - grpc 3.0.2 [archive async crypto fixnum googleapis_auth meta http http2 protobuf] - hashids2 2.0.0 - hex 0.2.0 - http 0.13.4 [async http_parser meta path] - image_picker 0.8.5+3 [flutter image_picker_android image_picker_for_web image_picker_ios image_picker_platform_interface] - instabug_flutter 11.2.0 [flutter meta stack_trace] - intercom_flutter 7.4.0 [flutter flutter_web_plugins intercom_flutter_platform_interface intercom_flutter_web] - intl 0.17.0 [clock path] - json_annotation 4.7.0 [meta] - local_auth 1.1.11 [flutter flutter_plugin_android_lifecycle intl platform] - logger 1.1.0 - mask_text_input_formatter 2.4.0 [flutter] - mixin_bot_sdk_dart 0.3.0 [convert dart_jsonwebtoken sprintf uuid dio json_annotation crypto meta equatable enum_to_string recase ed25519_edwards collection x25519 pointycastle] - mixpanel_flutter 2.0.0 [flutter flutter_web_plugins js] - mobilecoin_flutter 0.0.1 [crypto decimal equatable flutter] - modal_bottom_sheet 2.0.1 [flutter] - mutex 3.0.1 - page_transition 2.0.5 [flutter] - path_provider 2.0.9 [flutter path_provider_android path_provider_ios path_provider_linux path_provider_macos path_provider_platform_interface path_provider_windows] - permission_handler 9.2.0 [flutter meta permission_handler_android permission_handler_apple permission_handler_windows permission_handler_platform_interface] - plaid_flutter 3.0.1 [flutter flutter_web_plugins plugin_platform_interface js] - protobufs 0.0.0 [grpc protobuf] - qr_code_scanner 1.0.0 [js flutter flutter_web_plugins] - qr_flutter 4.0.0 [flutter qr] - rxdart_ext 0.0.1 [rxdart meta stack_trace path] - screenshot 1.3.0 [flutter] - sentry 6.18.1 [http meta stack_trace uuid intl] - share_plus 4.0.3 [meta mime flutter share_plus_platform_interface share_plus_linux share_plus_macos share_plus_windows share_plus_web] - shared_preferences 2.0.13 [flutter shared_preferences_android shared_preferences_ios shared_preferences_linux shared_preferences_macos shared_preferences_platform_interface shared_preferences_web shared_preferences_windows] - shimmer 2.0.0 [flutter] - simple_animations 4.0.1 [flutter flutter_lints collection] - sliding_sheet 0.5.2 [flutter] - twilio_phone_verify 2.0.0 [flutter http] - url_launcher 6.1.3 [flutter url_launcher_android url_launcher_ios url_launcher_linux url_launcher_macos url_launcher_platform_interface url_launcher_web url_launcher_windows] - uuid 3.0.6 [crypto] - webview_flutter 3.0.1 [flutter webview_flutter_android webview_flutter_platform_interface webview_flutter_wkwebview] dev dependencies: - build_runner 2.3.0 [args async analyzer build build_config build_daemon build_resolvers build_runner_core code_builder collection crypto dart_style frontend_server_client glob graphs http_multi_server io js logging meta mime package_config path pool pub_semver pubspec_parse shelf shelf_web_socket stack_trace stream_transform timing watcher web_socket_channel yaml] - fake_async 1.3.0 [clock collection] - flutter_lints 1.0.4 [lints] - flutter_test 0.0.0 [flutter test_api path fake_async clock stack_trace vector_math async boolean_selector characters charcode collection matcher material_color_utilities meta source_span stream_channel string_scanner term_glyph] - golden_toolkit 0.13.0 [flutter flutter_test meta] - integration_test 0.0.0 [flutter flutter_driver flutter_test path vm_service archive async boolean_selector characters charcode clock collection crypto fake_async file matcher material_color_utilities meta source_span stack_trace stream_channel string_scanner sync_http term_glyph test_api typed_data vector_math webdriver] - json_serializable 6.5.4 [analyzer async build build_config collection json_annotation meta path pub_semver pubspec_parse source_gen source_helper] - mocktail 0.3.0 [collection matcher test] - recase 4.0.0 - very_good_analysis 2.4.0 transitive dependencies: - _fe_analyzer_shared 47.0.0 [meta] - _flutterfire_internals 1.0.17 [collection firebase_core firebase_core_platform_interface flutter meta] - adaptive_number 1.0.0 [fixnum] - analyzer 4.7.0 [_fe_analyzer_shared collection convert crypto glob meta package_config path pub_semver source_span watcher yaml] - app_links_platform_interface 1.1.0 [flutter plugin_platform_interface] - archive 3.1.11 [crypto path] - args 2.3.0 - asn1lib 1.1.0 - async 2.8.2 [collection meta] - base_x 2.0.0 - boolean_selector 2.1.0 [source_span string_scanner] - build 2.3.1 [analyzer async convert crypto glob logging meta path] - build_config 1.1.1 [checked_yaml json_annotation path pubspec_parse yaml] - build_daemon 3.1.0 [built_collection built_value http_multi_server logging path pool shelf shelf_web_socket stream_transform watcher web_socket_channel] - build_resolvers 2.0.10 [analyzer async build crypto graphs logging path package_config pool pub_semver stream_transform yaml] - build_runner_core 7.2.7 [async build build_config build_resolvers collection convert crypto glob graphs json_annotation logging meta path package_config pool timing watcher yaml] - built_collection 5.1.1 - built_value 8.4.3 [built_collection collection fixnum meta] - cached_network_image_platform_interface 1.0.0 [flutter flutter_cache_manager] - cached_network_image_web 1.0.1 [flutter flutter_cache_manager cached_network_image_platform_interface] - characters 1.2.0 - charcode 1.3.1 - checked_yaml 2.0.1 [json_annotation source_span yaml] - code_builder 4.4.0 [built_collection built_value collection matcher meta] - collection 1.16.0 - connectivity_plus_linux 1.3.0 [flutter connectivity_plus_platform_interface meta nm] - connectivity_plus_macos 1.2.1 [connectivity_plus_platform_interface flutter] - connectivity_plus_platform_interface 1.2.0 [flutter meta plugin_platform_interface] - connectivity_plus_web 1.2.0 [connectivity_plus_platform_interface flutter_web_plugins flutter] - connectivity_plus_windows 1.2.0 [connectivity_plus_platform_interface flutter] - convert 3.0.1 [typed_data] - coverage 1.2.0 [args logging package_config path source_maps stack_trace vm_service] - cross_file 0.3.3+1 [js meta] - dargon2_core 2.1.1 [ffi dargon2_interface] - dargon2_interface 1.1.0 [convert] - dart_jsonwebtoken 2.4.1 [crypto pointycastle convert collection] - dart_style 2.2.4 [analyzer args path pub_semver source_span] - dbus 0.7.8 [args ffi meta xml] - ed25519_edwards 0.3.1 [collection crypto convert adaptive_number] - enum_to_string 2.0.1 - ffi 2.0.1 - file 6.1.2 [meta path] - firebase_analytics_platform_interface 3.3.17 [_flutterfire_internals firebase_core flutter meta plugin_platform_interface] - firebase_analytics_web 0.5.1+8 [_flutterfire_internals firebase_analytics_platform_interface firebase_core firebase_core_web flutter flutter_web_plugins js] - firebase_app_check_platform_interface 0.0.5+16 [_flutterfire_internals firebase_core flutter meta plugin_platform_interface] - firebase_app_check_web 0.0.7+16 [_flutterfire_internals firebase_app_check_platform_interface firebase_core firebase_core_web flutter flutter_web_plugins js] - firebase_core_platform_interface 4.5.3 [collection flutter flutter_test meta plugin_platform_interface] - firebase_core_web 2.2.2 [firebase_core_platform_interface flutter flutter_web_plugins js meta] - firebase_crashlytics_platform_interface 3.3.10 [_flutterfire_internals collection firebase_core flutter meta plugin_platform_interface] - firebase_dynamic_links_platform_interface 0.2.3+26 [_flutterfire_internals firebase_core flutter meta plugin_platform_interface] - firebase_messaging_platform_interface 4.2.10 [_flutterfire_internals firebase_core flutter meta plugin_platform_interface] - firebase_messaging_web 3.2.11 [_flutterfire_internals firebase_core firebase_core_web firebase_messaging_platform_interface flutter flutter_web_plugins js meta] - firebase_performance_platform_interface 0.1.1+29 [_flutterfire_internals firebase_core flutter plugin_platform_interface] - firebase_performance_web 0.1.1+18 [_flutterfire_internals firebase_core firebase_core_web firebase_performance_platform_interface flutter flutter_web_plugins js] - firebase_remote_config_platform_interface 1.1.29 [_flutterfire_internals firebase_core flutter meta plugin_platform_interface] - firebase_remote_config_web 1.1.18 [firebase_core firebase_core_web firebase_remote_config_platform_interface flutter flutter_web_plugins js] - flutter_blurhash 0.7.0 [flutter] - flutter_driver 0.0.0 [file flutter flutter_test fuchsia_remote_debug_protocol path meta vm_service webdriver archive async boolean_selector characters charcode clock collection crypto matcher material_color_utilities platform process source_span stack_trace stream_channel string_scanner sync_http term_glyph test_api typed_data vector_math] - flutter_google_places_sdk_android 0.1.2+5 [flutter flutter_google_places_sdk_platform_interface] - flutter_google_places_sdk_ios 0.1.2+3 [flutter flutter_google_places_sdk_platform_interface] - flutter_google_places_sdk_platform_interface 0.2.4+3 [flutter plugin_platform_interface] - flutter_google_places_sdk_web 0.1.3+3 [flutter flutter_web_plugins flutter_google_places_sdk_platform_interface js google_maps collection] - flutter_local_notifications_linux 0.5.0+1 [flutter flutter_local_notifications_platform_interface dbus path xdg_directories] - flutter_local_notifications_platform_interface 5.0.0 [flutter plugin_platform_interface] - flutter_plugin_android_lifecycle 2.0.5 [flutter] - flutter_secure_storage_linux 1.1.0 [flutter flutter_secure_storage_platform_interface] - flutter_secure_storage_macos 1.1.0 [flutter flutter_secure_storage_platform_interface] - flutter_secure_storage_platform_interface 1.0.0 [flutter plugin_platform_interface] - flutter_secure_storage_web 1.0.2 [flutter flutter_web_plugins flutter_secure_storage_platform_interface js] - flutter_secure_storage_windows 1.1.2 [flutter flutter_secure_storage_platform_interface] - flutter_web_plugins 0.0.0 [flutter js characters collection material_color_utilities meta vector_math] - frontend_server_client 2.1.3 [async path] - fuchsia_remote_debug_protocol 0.0.0 [process vm_service file meta path platform] - glob 2.0.2 [async collection file path string_scanner] - google_maps 6.2.0 [js_wrapping meta] - googleapis_auth 1.3.0 [crypto http http_parser] - graphs 2.2.0 [collection] - http2 2.0.0 - http_multi_server 3.2.0 [async] - http_parser 4.0.0 [charcode collection source_span string_scanner typed_data] - image_picker_android 0.8.5+1 [flutter flutter_plugin_android_lifecycle image_picker_platform_interface] - image_picker_for_web 2.1.8 [flutter flutter_web_plugins image_picker_platform_interface] - image_picker_ios 0.8.5+6 [flutter image_picker_platform_interface] - image_picker_platform_interface 2.5.0 [cross_file flutter http plugin_platform_interface] - intercom_flutter_platform_interface 1.2.0 [flutter plugin_platform_interface] - intercom_flutter_web 0.2.0 [flutter flutter_web_plugins intercom_flutter_platform_interface uuid] - io 1.0.3 [meta path string_scanner] - js 0.6.4 - js_wrapping 0.7.4 [js] - lints 1.0.1 - logging 1.0.2 - matcher 0.12.11 [stack_trace] - material_color_utilities 0.1.4 - meta 1.7.0 - mime 1.0.1 - nm 0.5.0 [dbus] - node_preamble 2.0.1 - octo_image 1.0.2 [flutter flutter_blurhash] - package_config 2.0.2 [path] - path 1.8.1 - path_drawing 1.0.1 [vector_math meta path_parsing flutter] - path_parsing 1.0.1 [vector_math meta] - path_provider_android 2.0.13 [flutter path_provider_platform_interface] - path_provider_ios 2.0.8 [flutter path_provider_platform_interface] - path_provider_linux 2.1.10 [ffi flutter path path_provider_platform_interface xdg_directories] - path_provider_macos 2.0.5 [flutter path_provider_platform_interface] - path_provider_platform_interface 2.0.3 [flutter platform plugin_platform_interface] - path_provider_windows 2.1.5 [ffi flutter path path_provider_platform_interface win32] - pedantic 1.11.1 - permission_handler_android 9.0.2+1 [flutter permission_handler_platform_interface] - permission_handler_apple 9.0.2 [flutter permission_handler_platform_interface] - permission_handler_platform_interface 3.7.0 [flutter meta plugin_platform_interface] - permission_handler_windows 0.1.0 [flutter permission_handler_platform_interface] - petitparser 5.0.0 [meta] - platform 3.1.0 - plugin_platform_interface 2.1.3 [meta] - pointycastle 3.6.1 [collection convert js] - pool 1.5.0 [async stack_trace] - process 4.2.4 [file path platform] - protobuf 2.0.1 [fixnum collection] - pub_semver 2.1.1 [collection meta] - pubspec_parse 1.2.1 [checked_yaml collection json_annotation pub_semver yaml] - qr 2.1.0 [meta] - quiver 3.0.1+1 [matcher] - rational 1.2.1 - rxdart 0.26.0 - share_plus_linux 3.0.0 [share_plus_platform_interface file flutter meta url_launcher] - share_plus_macos 3.0.0 [share_plus_platform_interface flutter] - share_plus_platform_interface 3.0.2 [flutter meta mime plugin_platform_interface] - share_plus_web 3.0.0 [share_plus_platform_interface url_launcher flutter flutter_web_plugins meta] - share_plus_windows 3.0.0 [share_plus_platform_interface flutter meta url_launcher] - shared_preferences_android 2.0.11 [flutter shared_preferences_platform_interface] - shared_preferences_ios 2.1.0 [flutter shared_preferences_platform_interface] - shared_preferences_linux 2.1.0 [file flutter path path_provider_linux path_provider_platform_interface shared_preferences_platform_interface] - shared_preferences_macos 2.0.3 [flutter shared_preferences_platform_interface] - shared_preferences_platform_interface 2.0.0 [flutter] - shared_preferences_web 2.0.3 [flutter flutter_web_plugins shared_preferences_platform_interface] - shared_preferences_windows 2.1.0 [file flutter path path_provider_platform_interface path_provider_windows shared_preferences_platform_interface] - shelf 1.3.0 [async collection http_parser path stack_trace stream_channel] - shelf_packages_handler 3.0.0 [path shelf shelf_static] - shelf_static 1.1.0 [convert http_parser mime path shelf] - shelf_web_socket 1.0.1 [shelf stream_channel web_socket_channel] - sky_engine 0.0.99 - source_gen 1.2.6 [analyzer async build dart_style glob meta path source_span yaml] - source_helper 1.3.3 [analyzer collection source_gen] - source_map_stack_trace 2.1.0 [path stack_trace source_maps] - source_maps 0.10.10 [source_span] - source_span 1.8.2 [collection path term_glyph] - sprintf 6.0.0 - sqflite 2.0.3 [flutter sqflite_common path] - sqflite_common 2.2.1+1 [synchronized path meta] - stack_trace 1.10.0 [path] - stream_channel 2.1.0 [async] - stream_transform 2.1.0 - string_scanner 1.1.0 [charcode source_span] - sync_http 0.3.0 - synchronized 3.0.0+2 - term_glyph 1.2.0 - test 1.21.1 [analyzer async boolean_selector collection coverage http_multi_server io js node_preamble package_config path pool shelf shelf_packages_handler shelf_static shelf_web_socket source_span stack_trace stream_channel typed_data web_socket_channel webkit_inspection_protocol yaml test_api test_core] - test_api 0.4.9 [async boolean_selector collection meta source_span stack_trace stream_channel string_scanner term_glyph matcher] - test_core 0.4.13 [analyzer async args boolean_selector collection coverage frontend_server_client glob io meta package_config path pool source_map_stack_trace source_maps source_span stack_trace stream_channel vm_service yaml matcher test_api] - timezone 0.8.0 [path] - timing 1.0.1 [json_annotation] - typed_data 1.3.0 [collection] - url_launcher_android 6.0.15 [flutter url_launcher_platform_interface] - url_launcher_ios 6.0.15 [flutter url_launcher_platform_interface] - url_launcher_linux 3.0.0 [flutter url_launcher_platform_interface] - url_launcher_macos 3.0.0 [flutter url_launcher_platform_interface] - url_launcher_platform_interface 2.0.5 [flutter plugin_platform_interface] - url_launcher_web 2.0.8 [flutter flutter_web_plugins url_launcher_platform_interface] - url_launcher_windows 3.0.0 [flutter url_launcher_platform_interface] - vector_math 2.1.2 - vm_service 8.2.2 - watcher 1.0.1 [async path] - web_socket_channel 2.2.0 [async crypto stream_channel] - webdriver 3.0.0 [archive matcher path stack_trace sync_http] - webkit_inspection_protocol 1.1.0 [logging] - webview_flutter_android 2.8.3 [flutter webview_flutter_platform_interface] - webview_flutter_platform_interface 1.8.1 [flutter plugin_platform_interface] - webview_flutter_wkwebview 2.7.1 [flutter webview_flutter_platform_interface] - win32 3.1.3 [ffi] - x25519 0.1.1 [collection adaptive_number] - xdg_directories 0.2.0+1 [meta path process] - xml 6.1.0 [collection meta petitparser] - yaml 3.1.1 [collection source_span string_scanner] ```

darshankawar commented 1 year ago

Thanks for the report @bcgreijnlautier

I'm able to retrieve a valid token when using the debug provider. When running the app in debug mode on my own device and fetching a token using App Attest, I'm also receiving a valid token, so this is a difficult issue to debug.

Same with me. Tried with plugin example on iOS in debug mode was able to retrieve the token.

Maybe check this issue comment and see if it helps in your case ?

bcgreijnlautier commented 1 year ago

That comment only relates to the debug provider, which I'm not having any issues with. The App Attest provider is what's causing a problem, and only for a percentage of my users. I don't know if it's a problem in the Flutter or iOS Firebase SDK, or if it's an issue with Apple, but the only log I'm able to see is [firebase_app_check/unknown] The operation couldn’t be completed. (com.firebase.appCheck error 0.) so I don't know how to debug this.

danagbemava-nc commented 1 year ago

I'm not familiar with app_check and I'm having some issues with the setup at the moment, so I'll label this for further investigation

bcgreijnlautier commented 1 year ago

After talking with some coworkers whose devices are throwing this error, I've determined that the error is triggered by migrating to a new iPhone after installing the app and using App Attest. The attestation key and artifact are being migrated as well, resulting in a verification failure since they are not valid on the new device. See this comment for more context: https://github.com/firebase/firebase-ios-sdk/issues/10561#issuecomment-1358724642.

One solution would involve clearing out the attestation key and artifact when com.firebase.appCheck error 0 is encountered. This is sort of a nuclear option though since this error code could be returned for other reasons. In any case, the App Check iOS SDK would either need to handle this internally, or at least expose the resetAttestation method to allow apps to call it themselves, which would then give FlutterFire the option to expose this method for Flutter apps. It looks like a solution is out of reach for this repo until https://github.com/firebase/firebase-ios-sdk/issues/10561 is resolved.

I wrote a plugin that resolves this issue for now:

import FirebaseAppCheck
import FirebaseCore
import Flutter
import KeychainAccess

public class FirebaseAppCheckUtilsPlugin: NSObject, FlutterPlugin {
    private final var appCheckArtifactKeychainService = "com.firebase.app_check.app_attest_artifact_storage"
    private final var appCheckKeyIDSuiteName = "com.firebase.FIRAppAttestKeyIDStorage"

    public static func register(with registrar: FlutterPluginRegistrar) {
        let channel = FlutterMethodChannel(name: "firebase_app_check_utils", binaryMessenger: registrar.messenger())
        let instance = FirebaseAppCheckUtilsPlugin()
        registrar.addMethodCallDelegate(instance, channel: channel)
    }

    public func handle(_ call: FlutterMethodCall, result: @escaping FlutterResult) {
        switch call.method {
        case "resetAttestation":
            resetAttestation(result: result)
        default:
            result(FlutterMethodNotImplemented)
        }
    }

    private func handleError(error: Error, result: FlutterResult) {
        var code: String
        switch error {
        case AppCheckError.nilApp:
            code = "no_firebase_app_exists"
        default:
            code = "unknown"
        }
        result(FlutterError(code: code, message: nil, details: nil))
    }

    private func resetAttestation(result: FlutterResult) {
        do {
            try resetAppCheckKeyID()
            try resetAppCheckArtifact()
            result(nil)
        } catch {
            handleError(error: error, result: result)
        }
    }

    private func resetAppCheckKeyID() throws -> Void {
        let suffix = try appCheckStorageKeySuffix()
        let keyIDStorageKey = "app_attest_keyID.\(suffix)"
        let userDefaults = UserDefaults(suiteName: appCheckKeyIDSuiteName)
        userDefaults?.removeObject(forKey: keyIDStorageKey)

    }

    private func resetAppCheckArtifact() throws -> Void {
        let accessGroup = try firebaseApp().options.appGroupID
        let keychain: Keychain = {
            if accessGroup == nil {
                return Keychain(service: appCheckArtifactKeychainService)
            } else {
                return Keychain(service: appCheckArtifactKeychainService, accessGroup: accessGroup!)
            }
        }()
        let suffix = try appCheckStorageKeySuffix()
        let artifactStorageKey = "app_check_app_attest_artifact.\(suffix)"
        let artifact = try keychain.getData(artifactStorageKey)
        try keychain.remove(artifactStorageKey)
    }

    private func firebaseApp() throws -> FirebaseApp {
        if let app = FirebaseApp.app() {
            return app
        }
        throw AppCheckError.nilApp
    }

    private func appCheckStorageKeySuffix() throws -> String {
        let app = try firebaseApp()
        let appName = app.name
        let appID = app.options.googleAppID
        return "\(appName).\(appID)"
    }
}

enum AppCheckError : Error {
    case nilApp
}

If the app encounters com.firebase.appCheck error 0, it calls resetAttestation in this plugin, forcing App Check to restart attestation.

Trulsmatias commented 1 year ago

Any updates on this? Looks like https://github.com/firebase/firebase-ios-sdk/issues/10561 is now resolved and no longer blocking

cedvdb commented 11 months ago

Bump: this issue is still mislabeled as "blocked"

Sample to trigger this issue:

void main() async {
  WidgetsFlutterBinding.ensureInitialized();

  await Firebase.initializeApp(
    options: DefaultFirebaseOptions.currentPlatform,
  );
  await FirebaseAppCheck.instance.activate(
    appleProvider: AppleProvider.appAttestWithDeviceCheckFallback,
  );
  await FirebaseAppCheck.instance.setTokenAutoRefreshEnabled(true);
  final appCheckToken = await FirebaseAppCheck.instance.getToken();
  print(appCheckToken);
  runApp(
    const MaterialApp(
      title: 'test',
      home: LoadingIndicator(),
    ),
  );
}
danagbemava-nc commented 11 months ago

cc @russellwheatley, it seems like the issue that was blocking might have been fixed on the firebase sdk.

bantunes22 commented 7 months ago

Any updates on this issue? We are experiencing the same problem using the latest version.

bantunes22 commented 7 months ago

I got it working.

You need to add the App Attest Entitlement and change the value to production.

Something like this (Runner.entitlements):


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.developer.devicecheck.appattest-environment</key>
    <string>production</string>
</dict>
</plist>

image

image