[Firebase/Firestore][I-FST000001] AppCheck failed - debug token

[jadonhansen]

I am trying to obtain my AppCheck debug token from the Xcode logs and from the adb command output but I am getting the following error:
[Firebase/Firestore][I-FST000001] AppCheck failed: 'The operation couldn’t be completed. (com.apple.devicecheck.error error 0.)'.

I am seeing the traffic appear in the firebase console App Check section under: "Unverified: Invalid requests", which proves that the AppCheck package is installed correctly.
Note: I have not enforced the App Check yet via the console.

I have done the following:

1. Installed AppCheck package
2. Added AppAttest to Signing & Capabilities in Xcode.
3. From my Apple developer account I added a new key (with devicecheck) enabled and its relevant ID and team ID to the firebase console. (So this enabled DeviceCheck and App Attest on firebase console for me)
4. For Android I registered both my sha-256 for production and debug builds. (Enabling both SafetyNet and Play Integrity for me)
5. In GCP I have 'Firebase App Check API' enabled for both my iOS and Android keys. And "Google Play Integrity API" enabled for Android key.

For iOS however, I do have a different team ID for debug signing (yes, this is a thing from Apple) which may be a reason why it is not working on iOS. Unfortunately I can only register one team ID on firebase console.

But I am unsure as to why it is not working for Android..?

[mikehardy]

Hmm - this seems like it should be working based on your description of performed items 1-5, however I will say this part:

I am seeing the traffic appear in the firebase console App Check section under: "Unverified: Invalid requests", which proves that the AppCheck package is installed correctly.

...does not I think mean that you have actually installed it correctly. I think you will see that sort of message any time you have enabled appcheck in the firebase web console in non-enforcing mode. I think that's the generic "well, we're looking for AppCheck but don't see the headers" message, which could mean any number of things are going wrong in the client (like: you can't get device attestation somehow, for some reason)

This is a bit vague but all I can think of is to reach into the node_modules app check code and add logging around the API usage as we go down to the firebase-ios-sdk / firebase-android-sdk areas so you can be 100% sure the tokens are requested, and what the APIs return, then add some javascript where you explicitly call the AppCheck apis and attempt to log out the current token / token status

[jadonhansen]

I revisited this issue recently and found that it was fixed due to another issue I had resolved earlier where my firebase auth tokens weren't being refreshed properly.
API permissions are a pain and there's no real guide to which permissions should be allowed for particular firebase features.

This question can be closed :)

[akeva001]

Hey @jadonhansen! I'm curious if you were able to get it working for iOS and if so, what the solution was. Thanks in advance!

[yunsanch]

yeah what was the fix?