search

firebase / flutterfire

🔥 A collection of Firebase plugins for Flutter apps.
https://firebase.google.com/docs/flutter/setup
BSD 3-Clause "New" or "Revised" License
8.61k stars 3.95k forks source link

🐛 [firebase_app_check] Missing support for custom App Check providers #12227

Open MarcVanDaele90 opened 7 months ago

MarcVanDaele90 commented 7 months ago

Bug report

On https://firebase.google.com/docs/app-check/custom-provider, it is explained how to implement a custom App Check provider and it links to pages on how to use this custom provider in Apple, Android and web. However, afaics, it is not possible to use this custom provider in Flutter right now!

Can you also add support for custom providers?

I would like to use custom providers to support the whitelist (cfr discussion https://github.com/firebase/flutterfire/discussions/12222)

darshankawar commented 7 months ago

@MarcVanDaele90 Check if this issue resembles your case or not.

MarcVanDaele90 commented 7 months ago

@darshankawar Thanks for looking at this. I'm not sure to which part of the issue you refer to. As I see it, the issue contains three parts

  1. creating a custom provider (ReactNativeFirebaseAppCheckProvider implements AppCheckProvider)
  2. using it to generate debug tokens
  3. passing the customer provider to initializeAppCheck()

Creating a custom provider (with cloud functions) is documented on https://firebase.google.com/docs/app-check/custom-provider so I don't think we need anything extra for this.

I think the main thing missing right now is the ability to pass the custom provider to FirebaseAppCheck.instance.activate

Part 2 could be a temporary solution for my whitelist problem but I'm not sure I understand it correctly: Would it be the intention to add a "debug" flag to the ReCaptchaV3Provider object which would generate a debug token on-the-fly when set? 

await FirebaseAppCheck.instance.activate(
          webProvider: ReCaptchaV3Provider(appCheckKey)
      );

If so, I could indeed

This would be a nice fix for my current problem. Though I still think that, in the long run, Flutter should also support custom providers.

darshankawar commented 7 months ago

Thanks for the feedback.

zvikarp commented 7 months ago

Also, I would like to implement a custom app check provider in Flutter but there is no way to do it currently. Now that SMS costs are per send and not per sign-in, it is risky to use Firebase auth without app check, and we need a way to whitelist some users.

MarcVanDaele90 commented 6 months ago

@darshankawar is it possible to give an update? Is it possible to give a high level timeline?
We would really like to implement a custom app check provider in Flutter because app check is blocking valid customers.
I'm certainly willing to help where possible.

MarcVanDaele90 commented 4 months ago

A short status-update would be appreciated. Any idea if (and when) this will be added?

MarcVanDaele90 commented 3 weeks ago

Ping (I understand such a ping is annoying but a short update would be much appreciated)