Menu
I recently enabled App Check for my firebase app and enforced it on both my cloud functions and database. The cloud function workflow is behaving correctly. However, I can no longer access the database from the function. A minimal version of my callable function looks something like this:
exports.myFunc = functions.https.onCall(async (data, context) => {
const adminApp = admin.initializeApp();
const ref = adminApp.database().ref('some-node');
if (context.app === undefined) {
throw new functions.https.HttpsError(
'failed-precondition',
'The function must be called from an App Check verified app.',
);
}
try {
return (await ref.orderByKey().equalTo('foo').get()).exists()
} catch(exc) {
console.error(exc);
}
});
This used to work before App Check, but now it fails and I see this in the logs:
@firebase/database: FIREBASE WARNING: Invalid appcheck token (https://my-project-default-rtdb.firebaseio.com/) Error: Error: Client is offline.
Seems like I need to do something extra to get the admin app to pass App Check verification down to the database, but I haven't been able to find any documentation on this yet. I also tried using the app instance from functions.app.admin instead of initializing a new one, but this didn't help.
I have the latest version of the packages:
"firebase-admin": "^9.10.0"
"firebase-functions": "^3.14.1"
575
This attestation is attached to every request your app makes to your Firebase backend resources. App Check has built-in support for using the following services as attestation providers:
App Check guards access to your Firebase resources and custom backends by requiring API calls to contain a valid Firebase App Check token. These two concepts work together to help secure your app.
The error you are getting on the Firebase side is hinting at something being wrong with your string token being passed to the function, can you share the code where you call your cloud function and the relevant parts of the function itself? Also I would suggest you try to log the value of the string token and check if it is the expected value.
firebaser here
The behavior you're seeing is not how it's supposed to work, and we've been able to reproduce it. Thanks for the clear report, and sorry you encountered this.
If you (re)install the Firebase Admin SDK today, you won't be experiencing this same problem as we've fixed the problem in the @firebase/database dependency (in this PR).
If you're (still) experiencing the problem, you can check if you have the correct @firebase/database dependency by running:
npm ls @firebase/database
results look something like this:
[email protected] /Users/you/repos/temp-admin
└─┬ [email protected]
└── @firebase/[email protected]
If your @firebase/database version is lower than 0.10.8, you'll have to reinstall the Admin SDK, for example by deleting your node_modules directory and your package-lock.json file and running npm install again. This may also update other dependencies.
52
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
