invertase / react-native-firebase

🔥 A well-tested feature-rich modular Firebase implementation for React Native. Supports both iOS & Android platforms for all Firebase services.
https://rnfirebase.io

Play Integrity not working in android #7030

Closed dev007github closed 10 months ago

dev007github commented 1 year ago

Hi everyone,

Facing lots of OTP auth issues on Android (iOS working fine) after upgrading the package to the latest version. Please help.

Previously used versions:

```json
"@react-native-firebase/app": "^17.3.0",
"@react-native-firebase/app-check": "^17.0.0",
"@react-native-firebase/auth": "^16.1.1",
```

Current versions:

```json
"@react-native-firebase/app": "^17.4.2",
"@react-native-firebase/app-check": "^17.4.2",
"@react-native-firebase/auth": "^17.4.2",
```

app check code:

```js
import { firebase } from '@react-native-firebase/app-check';

// Debug provider in development builds, Play Integrity otherwise.
let rnfbProvider = firebase.appCheck().newReactNativeFirebaseAppCheckProvider();
rnfbProvider.configure({
  android: {
    provider: __DEV__ ? 'debug' : 'playIntegrity',
    debugToken: '11E6C4AD-5A71-4506-B351-5B4B058793FB',
  },
  apple: {
    provider: 'appAttestWithDeviceCheckFallback',
  },
  web: {
    provider: 'reCaptchaV3',
    siteKey: 'unknown',
  },
});

firebase.appCheck().initializeAppCheck({
  provider: rnfbProvider,
  isTokenAutoRefreshEnabled: true,
});
```

issue:
In the simulator, sometimes getting an error like "Error: [auth/app-not-authorized] This app is not authorized to use Firebase Authentication. Please verify that the correct package name and SHA-1 are configured in the Firebase Console. [ Invalid request fields in play_integrity_token ]"

But I already registered Play Integrity in Firebase and added sha1 and sha64... sometimes auth works with the browser reCAPTCHA flow.

On a real device getting Error: "[appCheck/token-error] com.google.firebase.FirebaseException: Error returned from API. code: 403 body: App attestation failed"

Auth works with the browser reCAPTCHA flow, but previously the OTP SMS format was correct in the release version; now the OTP contains the Firebase project URL in the release version.

My previous app version is still working fine for OTP auth, so I tried to revert the above package versions, but no luck, same issue.
Any solution for this issue?

bimix commented 1 year ago

I am having exactly the same issue. I can't even grep the debug token to use in debug mode.

mikehardy commented 1 year ago

I believe play integrity only works with a signed release from the app store? This was noticed and documented quite recently.

App Check and Auth are completely separate, you have included app check config here but it is not related in any way.

Both can use Play Integrity but they are separate firebase systems. Play Integrity itself is a completely separate google system. So App Check and Auth have nothing to do with each other, even if Play Integrity is what you are struggling with

@bimix if you cannot get a debug token, then you are having an app check problem, but the original poster is talking about Auth OTPs. Different things. And you'll need to carefully look at your app check config to make sure it uses the debug provider in situations you want a debug token.

bimix commented 1 year ago

@mikehardy thanks for helping. However, it is kinda strange why we need to have our app released to the app store to test the app-check. What about during development (prod/staging releases), I can't test it with an app-check enforced?

mikehardy commented 1 year ago

That is what debug tokens and the debug provider with a shared token stored in CI are for I think?

bimix commented 1 year ago

debug token is working fine now but I mean the production releases that I make to test the app before I publish to play store.

dev007github commented 1 year ago

> I believe play integrity only works with a signed release from the app store? This was noticed and documented quite recently.
>
> App Check and Auth are completely separate, you have included app check config here but it is not related in any way.
>
> Both can use Play Integrity but they are separate firebase systems. Play Integrity itself is a completely separate google system. So App Check and Auth have nothing to do with each other, even if Play Integrity is what you are struggling with
>
> @bimix if you cannot get a debug token, then you are having an app check problem, but the original poster is talking about Auth OTPs. Different things. And you'll need to carefully look at your app check config to make sure it uses the debug provider in situations you want a debug token.

Thanks for the suggestion... Actually, I mean: is the reCAPTCHA flow in auth due to the App Check failure? Anyway, the debug build is getting the same error, "......Invalid request fields in play_integrity_token", I don't know why... I will check on a Play Store build once and update.

mikehardy commented 1 year ago

> recaptcha flow in auth is due to the app check failure

Auth and AppCheck are separate.

bimix commented 1 year ago

@mikehardy can you reply to my other comment?

dev007github commented 1 year ago

> > recaptcha flow in auth is due to the app check failure
>
> Auth and AppCheck are separate.

@mikehardy it's different, but App Check is required for OTP authentication... right? Docs: https://firebase.google.com/docs/auth/android/phone-auth#enable-app-verification

mikehardy commented 1 year ago

@dev007github please read this: https://github.com/invertase/react-native-firebase/issues/7030#issuecomment-1501233962

mikehardy commented 1 year ago

@bimix I don't think there is anything to add, apologies. Everything I know, I have commented on here

nixolas1 commented 1 year ago

Might help: https://github.com/invertase/react-native-firebase/issues/6886#issuecomment-1505130787

dev007github commented 1 year ago

Thanks all. Play Integrity is working as expected in the Play Store build. Also, I am not able to see the reCAPTCHA flow in the Play Store build. The release build which I installed locally is not working properly, but in the Play Store build the above issues seem to be resolved.

Akshay-Niveus commented 1 year ago

Hello @dev007github, we are trying to integrate play Integrity using firebase app-check package in our project to skip captcha flow while sending otp to user in android when user is trying to login using phone number and otp supported by firebase.

While doing so we have got a similar issue. Can I know where exactly you have placed the code in your project? Code snippet:

```js
import { firebase } from '@react-native-firebase/app-check';

// Debug provider in development builds, Play Integrity otherwise.
let rnfbProvider = firebase.appCheck().newReactNativeFirebaseAppCheckProvider();
rnfbProvider.configure({
  android: {
    provider: __DEV__ ? 'debug' : 'playIntegrity',
    debugToken: '11E6C4AD-5A71-4506-B351-5B4B058793FB',
  },
  apple: {
    provider: 'appAttestWithDeviceCheckFallback',
  },
  web: {
    provider: 'reCaptchaV3',
    siteKey: 'unknown',
  },
});

firebase.appCheck().initializeAppCheck({
  provider: rnfbProvider,
  isTokenAutoRefreshEnabled: true,
});
```

I have tried adding it in App.js and even in the component where signInWithPhoneNumber method is present.

Is there other configuration/code that you have added to make it work?

Firebase package versions:-

"@react-native-firebase/app": "17.4.2",
"@react-native-firebase/app-check": "17.4.2",
"@react-native-firebase/auth": "17.4.2",

@mikehardy Do we have to add any extra configuration other than the code snippet that is mentioned above?

bsp003 commented 1 year ago

@dev007github @mikehardy

What is the experience of skipping captcha that we get after integrating with playintegrity?

I am getting a pop up with message "Verifying that you are not a robot" and it dismisses automatically. Is this the expected behavior? I thought it will be a transparent transition.

Kindly suggest.

geongun20 commented 1 year ago

I tried to use Play Integrity for SMS verification, but the reCAPTCHA flow did not disappear. Firebase version is 17.4.2

jamiees2 commented 1 year ago

I am also running into the same issue as @bsp003 mentioned, after integrating with play integrity, and following all the guides (sha1/sha256 from `keytool -printcert -jarfile <app>.apk` in firebase project, adding sha256 to app check, updating google-services.json, enabling Integrity API on project, redistributing via play store), the captcha window seems to keep showing up briefly, and then automatically dismiss.

This is with @react-native-firebase/app@17.4.2 and @react-native-firebase/auth@17.4.2.

After looking through adb logcat, it looks like the initial auth is failing for some reason, and falls back on the captcha:

```
04-18 21:52:39.211 25071 25448 E FirebaseAuth: [SmsRetrieverHelper] SMS verification code request failed: unknown status code: 18002 null
04-18 21:52:39.213 25071 25071 D FirebaseAuth: Re-triggering phone verification with Recaptcha flow forced for phone number <REDACTED>
04-18 21:52:39.213 25071 25071 I zzh     : ForceRecaptchaFlow from phoneAuthOptions = true, ForceRecaptchaFlow from firebaseSettings = false
```

Initially I linked this to https://github.com/firebase/flutterfire/issues/10750, but I'm not convinced that it is the same problem, as the purported fix of upgrading to firebase sdk 31.5.0 didn't work for me.

Does anyone have any ideas what could be going wrong?
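The logcat pattern quoted in the comment above (a failed SMS verification request followed by a forced reCAPTCHA retry) can be picked out of a capture automatically. This is an added example, not part of the thread or of react-native-firebase; the function names are hypothetical and the sample lines are constructed from the format quoted above.

```javascript
// Constructed sample in `adb logcat` threadtime format, modelled on the lines in the thread.
const SAMPLE_LOGCAT = [
  '04-18 21:52:39.211 25071 25448 E FirebaseAuth: [SmsRetrieverHelper] SMS verification code request failed: unknown status code: 18002 null',
  '04-18 21:52:39.213 25071 25071 D FirebaseAuth: Re-triggering phone verification with Recaptcha flow forced for phone number <REDACTED>',
  '04-18 21:52:39.213 25071 25071 I zzh     : ForceRecaptchaFlow from phoneAuthOptions = true, ForceRecaptchaFlow from firebaseSettings = false',
  '04-18 21:52:40.001 25071 25071 I ReactNativeJS: unrelated line',
];

// threadtime layout: MM-DD HH:MM:SS.mmm PID TID LEVEL TAG: message
const LINE_RE = /^(\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s+(\d+)\s+(\d+)\s+([VDIWEF])\s+(.*?)\s*: (.*)$/;
const FAIL_RE = /SMS verification code request failed: unknown status code: (\d+)/;
const FALLBACK_RE = /Re-triggering phone verification with Recaptcha flow forced/;

function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null; // not a threadtime line (banner, wrapped stack trace, ...)
  const [, time, pid, tid, level, tag, message] = m;
  return { time, pid: Number(pid), tid: Number(tid), level, tag, message };
}

// Pair each forced-reCAPTCHA retry with the most recent SMS request failure
// logged by the same process, so the status code behind the fallback is visible.
function findRecaptchaFallbacks(lines) {
  const lastFailure = new Map(); // pid -> { time, statusCode }
  const events = [];
  for (const line of lines) {
    const entry = parseLine(line);
    if (!entry || entry.tag !== 'FirebaseAuth') continue;
    const fail = FAIL_RE.exec(entry.message);
    if (fail) {
      lastFailure.set(entry.pid, { time: entry.time, statusCode: Number(fail[1]) });
    } else if (FALLBACK_RE.test(entry.message)) {
      const cause = lastFailure.get(entry.pid) || null;
      events.push({
        pid: entry.pid,
        fallbackAt: entry.time,
        failedAt: cause ? cause.time : null,
        statusCode: cause ? cause.statusCode : null, // null: no failure line was captured
      });
      lastFailure.delete(entry.pid);
    }
  }
  return events;
}

console.log(findRecaptchaFallbacks(SAMPLE_LOGCAT));
```

Running this over captures taken before and after a library upgrade shows whether the fallback started with that release.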

jamiees2 commented 1 year ago

After looking into it some more, downgrading to react native firebase 17.4.1 fixed the problem for me. Since the only difference between 17.4.1 and 17.4.2 is https://github.com/invertase/react-native-firebase/commit/59b02382492ee568fc9d4bed933ae1cf8d7efdfb, where Play Integrity support is first introduced into the firebase SDK (see https://firebase.google.com/support/release-notes/android#auth_v21-2-0), going back to SafetyNet seemed to solve it.

Given that, I think that this probably isn't an issue with react-native-firebase, just a problem with the Android SDK entirely. Hopefully it'll get fixed soon.

kakky0418 commented 1 year ago

@jamiees2 Exactly the same issue…

How do you deal with this one? (Migration deadline) https://developer.android.com/training/safetynet/deprecation-timeline

bsp003 commented 1 year ago

Right @kakky0418. We created a new project recently and SafetyNet API is gone! We are forced to use PlayIntegrity and we are facing this issue.

jamiees2 commented 1 year ago

@kakky0418

> How do you deal with this one? (Migration deadline) https://developer.android.com/training/safetynet/deprecation-timeline

Honestly, I don't know :/. We accidentally shipped an upgrade to this library in a production upgrade and were having issues with all our users, which meant that downgrading at least solved the immediate problem, but we'll have other issues in just over a month's time.

At this point, my plan is to just check back on this in a month and see if the SDK/firebase auth server have fixed their problems wrt play integrity, it definitely seems like the app did everything right - I can see the play integrity API calls and correct token fetches/etc, it just gets an error from the server and is forced into a captcha, which feels like it is something out of my control at this point.

If you want to speed that up, I'd probably reach out to firebase support, that was going to be my next step if downgrading didn't work.

kakky0418 commented 1 year ago

@jamiees2 Thank you for the good information! Firebase seems to be working on fixing the issue now.

https://github.com/firebase/flutterfire/issues/10593#issuecomment-1516913704

https://status.firebase.google.com/incidents/UY1LTFan8X5oybhphzfV

nohe427 commented 1 year ago

If reCaptcha is failing as a fallback and you are not getting any OTP messages, please check out this comment : https://github.com/firebase/flutterfire/issues/10593#issuecomment-1520911877

github-actions[bot] commented 1 year ago

Hello 👋, to help manage issues we automatically close stale issues.

This issue has been automatically marked as stale because it has not had activity for quite some time. Has this issue been fixed, or does it still require attention?

This issue will be closed in 15 days if no further activity occurs.

Thank you for your contributions.

davidcort commented 1 year ago

> I am having exactly the same issue. I cant even grep the debug token to use in debug mode.

Me too :(

When I use:

```js
const request = await auth().verifyPhoneNumber(`+52${phoneNumber}`, 120, true);
```

The console returns:

```
NativeFirebaseError: [auth/unknown] An internal error has occurred. [ Firebase App Check token is invalid. ]
```

I generated the token with the firebase tool, because the debug token DebugAppCheckProvider never appears in the logcat.

I sent a bundle to the Play Store for testing purposes; it doesn't work in production anyway.

WidgetPMT commented 1 year ago

> > I am having exactly the same issue. I cant even grep the debug token to use in debug mode.
>
> Me too :(
>
> When i use:
>
> ```js
> const request = await auth().verifyPhoneNumber(`+52${phoneNumber}`, 120, true);
> ```
>
> The console returns:
>
> ```
> NativeFirebaseError: [auth/unknown] An internal error has occurred. [ Firebase App Check token is invalid. ]
> ```
>
> I generated the token with the firebase tool, because the debug token DebugAppCheckProvider never appears in the logcat.
>
> I sended a bundle to the Play Store for testing purposes, no works in production anyways.

I have the same problem as you. I lost a lot of time researching and found a solution. The reason was that I was missing the bundle id ios_info in the google-services.json file. So, I think you need to check clear this file and follow the correct config documents on Android: https://firebase.google.com/docs/auth/android/phone-auth#enable-phone-number-sign-in-for-your-firebase-project

SectionTN commented 1 year ago

I have the same problem. My SHA-1 and SHA-256 are the same in the cloud console and firebase settings, the google-services.json file is placed, same keystore file, and I still get auth/missing-client-identifier on all my Android phones. I even bypassed playIntegrity on my other phone and it still doesn't want to succeed.

screenshot for play integrity: image

screenrecord: https://github.com/invertase/react-native-firebase/assets/73752904/1526bba6-7457-4040-92d7-c2e139e0cb13

PS: my previous release on the Play Store is working fine. I have two SHA-1 and two SHA-256. I've been busy and I didn't open my project for a while; I didn't change a single thing and this error showed up from nowhere.

davidcort commented 1 year ago

I resolved this issue on Android.

First, erase the firebase json file from your android/app project and all SHA-1 and SHA-256 from the firebase console config and save.

Second, go to the android folder and run:

```sh
./gradlew signingReport
```

Third, copy the first debug keys and put them in the firebase console. Only the SHA-1 and SHA-256, and save.

Important: Download the firebase json file again and put it in the android/app folder. Erase all cache with:

```sh
watchman watch-del-all && rm -fr $TMPDIR/metro-cache && rm $TMPDIR/haste-map-* && yarn cache clean
```

That's all, your app should receive sms messages :)

mikehardy commented 1 year ago

This will work for your debug build, @davidcort but I do not think it will work for release builds will it? Especially not if you are using the AAB format and google has custody of the actual signing keys that end-user devices will see? For those you need to go to the Google Play console to grab your signing key fingerprints and add those into the firebase console too, if I understand correctly

davidcort commented 1 year ago

> This will work for your debug build, @davidcort but I do not think it will work for release builds will it? Especially not if you are using the AAB format and google has custody of the actual signing keys that end-user devices will see? For those you need to go to the Google Play console to grab your signing key fingerprints and add those into the firebase console too, if I understand correctly

Works in our tests with the beta versions on Android. You can add the release keys from the signing report too.
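The fingerprint exchange above comes down to one check: every certificate that can sign a build users install (debug, upload, and the Play app signing key mentioned in the maintainer's comment) should be registered for the app. This is an added example, not code from the thread or the project; it assumes the `google-services.json` layout where `oauth_client[].android_info.certificate_hash` holds the registered SHA-1, and every value and function name in it is a constructed placeholder.

```javascript
// Constructed sample in the assumed google-services.json layout (placeholder values).
const SAMPLE_GOOGLE_SERVICES = {
  client: [{
    oauth_client: [
      { client_type: 1, android_info: { package_name: 'com.example.app',
          certificate_hash: '0123456789abcdef0123456789abcdef01234567' } },
      { client_type: 1, android_info: { package_name: 'com.example.app',
          certificate_hash: '89abcdef0123456789abcdef0123456789abcdef' } },
      { client_type: 3 },
    ],
  }],
};

// Constructed SHA-1 fingerprints, written the way `./gradlew signingReport` prints them.
const SIGNING_CERTS = {
  debug: '01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67',
  upload: '89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF',
  playAppSigning: 'FE:DC:BA:98:76:54:32:10:FE:DC:BA:98:76:54:32:10:FE:DC:BA:98',
};

// Normalise "AA:BB:..." or "aabb..." to 40 lowercase hex chars; reject anything else
// (for example a SHA-256 pasted into the SHA-1 slot).
function normalizeSha1(fingerprint) {
  const hex = String(fingerprint).replace(/[:\s]/g, '').toLowerCase();
  if (!/^[0-9a-f]{40}$/.test(hex)) throw new Error(`not a SHA-1 fingerprint: ${fingerprint}`);
  return hex;
}

// Collect the certificate hashes registered for this package's Android OAuth clients.
function registeredSha1(googleServices, packageName) {
  const hashes = new Set();
  for (const client of googleServices.client || []) {
    for (const { android_info: info } of client.oauth_client || []) {
      if (info && info.package_name === packageName && info.certificate_hash) {
        hashes.add(normalizeSha1(info.certificate_hash));
      }
    }
  }
  return hashes;
}

// Names of signing certificates that the downloaded config does not contain.
function missingFingerprints(googleServices, packageName, certs) {
  const known = registeredSha1(googleServices, packageName);
  return Object.entries(certs)
    .filter(([, fingerprint]) => !known.has(normalizeSha1(fingerprint)))
    .map(([name]) => name);
}

console.log(missingFingerprints(SAMPLE_GOOGLE_SERVICES, 'com.example.app', SIGNING_CERTS));
```

With the sample data only the Play app signing certificate is reported as missing, which is the situation the maintainer describes for builds distributed as an AAB.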

Secr3ts commented 1 year ago

Any clues on this? All my SHA keys are on firebase and I still can't use phone auth. Here's my appcheck init snippet:

```js
const rnfbProvider = firebase.appCheck().newReactNativeFirebaseAppCheckProvider();
rnfbProvider.configure({
  android: {
    provider: __DEV__ ? 'debug' : 'playIntegrity',
    debugToken: 'hidden',
  },
  apple: {
    provider: __DEV__ ? 'debug' : 'appAttestWithDeviceCheckFallback',
    debugToken: 'hidden',
  },
});

firebase.appCheck().initializeAppCheck({ provider: rnfbProvider, isTokenAutoRefreshEnabled: true })
  .then((res) => {
    console.log("app check initialized: " + res);
  }).catch((error) => {
    console.error("app check failed: " + error);
  });
```

When running the snippet I get this: image

Any help is appreciated ! Edit: I don't know why the code formatting doesn't work
