App check unwanted enforcement on Firebase callable functions

Without having changed anything in my Firebase callable functions code, but having re-deployed them, now they suddenly start rejecting all function invocations from my app with the error shown below. I would like NOT to use App Check until I am ready to make the changes needed. How do I stop my callable (https.onCall) Firebase functions from rejecting invalid App Checks, and instead only reject invalid Authentication?

Failed to validate AppCheck token. FirebaseAppCheckError: Decoding App Check token failed. Make sure you passed the entire string JWT which represents the Firebase App Check token.
    at FirebaseAppCheckError.FirebaseError [as constructor] (/workspace/node_modules/firebase-admin/lib/utils/error.js:44:28)
    at FirebaseAppCheckError.PrefixedFirebaseError [as constructor] (/workspace/node_modules/firebase-admin/lib/utils/error.js:90:28)
    at new FirebaseAppCheckError (/workspace/node_modules/firebase-admin/lib/app-check/app-check-api-client-internal.js:187:28)
    at /workspace/node_modules/firebase-admin/lib/app-check/token-verifier.js:82:19
    at processTicksAndRejections (internal/process/task_queues.js:97:5) {
  errorInfo: {
    code: 'app-check/invalid-argument',
    message: 'Decoding App Check token failed. Make sure you passed the entire string JWT which represents the Firebase App Check token.'
  },
  codePrefix: 'app-check'
} 

Callable request verification failed: AppCheck token was rejected. {"verifications":{"app":"INVALID","auth":"VALID"}}

The code rejecting all requests due to invalid App Check is super simple:

const functions = require("firebase-functions");
const admin = require("firebase-admin");
admin.initializeApp();
// Callable function with no App Check or auth logic of its own
exports.example = functions.https.onCall((data, context) => {
  return "test";
});

Package.json:

"engines": {
    "node": "12"
},
"main": "index.js",
"dependencies": {
  "firebase-admin": "^9.10.0",
  "firebase-functions": "^3.14.1"
},
asked Jul 14 '21 23:07

thamey


1 Answer

I had the same experience. The docs say that you are supposed to check like this[1]:

  if (context.app == undefined) {
    throw new functions.https.HttpsError(
        'failed-precondition',
        'The function must be called from an App Check verified app.')
  }

But this is not the case in my experience; App Check starts to be enforced immediately, the moment you add App Check to your app.

EDIT:

Moreover, even without doing any check in my code, I can see this in the logs whenever I call one of my functions:

Callable request verification passed {"verifications":{"auth":"VALID","app":"VALID"}}

So it seems App Check happens automatically, at least in Callable Functions. If you want to bypass AppCheck in one of your functions, you might want to try an HTTP function instead (not Callable).

[1] Source https://firebase.google.com/docs/app-check/cloud-functions

answered Nov 15 '22 04:11

mastazi
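
The answer's suggestion of an HTTP function in place of a callable, sketched as an added example that is not part of the original post: the handler still rejects requests without a valid ID token, and only records whether an App Check token arrived in the `X-Firebase-AppCheck` header. `makeAuthOnlyHandler`, the injected `verifyIdToken`, and the stubs and sample requests are assumptions made so the block runs offline.

```javascript
// Added example, not code from the post. makeAuthOnlyHandler and verifyIdToken
// are hypothetical names; in a deployment pass (t) => admin.auth().verifyIdToken(t)
// and wrap the returned handler in functions.https.onRequest(...).
function makeAuthOnlyHandler(verifyIdToken, log = console.log) {
  return async function handler(req, res) {
    const deny = () => res.status(401).json({ error: { status: "UNAUTHENTICATED" } });
    // Record whether an App Check token was sent; do not enforce it.
    const appCheck = req.headers["x-firebase-appcheck"] ? "PRESENT" : "MISSING";
    log(JSON.stringify({ appCheckHeader: appCheck }));
    // Authentication stays mandatory: "Authorization: Bearer <ID token>".
    const match = /^Bearer (.+)$/.exec(req.headers["authorization"] || "");
    if (!match) return deny();
    let decoded;
    try {
      decoded = await verifyIdToken(match[1]);
    } catch (err) {
      return deny(); // expired, malformed or wrongly signed ID token
    }
    return res.status(200).json({ result: "test", uid: decoded.uid });
  };
}
// Constructed stand-ins for the response object and the token verifier.
function fakeRes() {
  return {
    code: null, body: null,
    status(c) { this.code = c; return this; },
    json(b) { this.body = b; return this; },
  };
}
async function stubVerify(token) {
  if (token !== "good-id-token") throw new Error("bad token");
  return { uid: "user-123" };
}
// Runs four constructed requests and returns the resulting status codes.
async function demo() {
  const handler = makeAuthOnlyHandler(stubVerify, () => {});
  const cases = [
    { authorization: "Bearer good-id-token", "x-firebase-appcheck": "not-a-jwt" },
    { authorization: "Bearer good-id-token" },
    { authorization: "Bearer forged", "x-firebase-appcheck": "not-a-jwt" },
    {},
  ];
  const codes = [];
  for (const headers of cases) {
    const res = fakeRes();
    await handler({ headers }, res);
    codes.push(res.code);
  }
  return codes;
}
```

A client calling this over plain HTTP has to attach the ID token to the `Authorization` header itself.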