I am running the following code from android to get the AppCheck Token. However, I am getting an error with in.
FirebaseAppCheck.getInstance()
.getAppCheckToken(true)
.addOnSuccessListener(new OnSuccessListener<AppCheckToken>() {
@Override
public void onSuccess(@NonNull AppCheckToken tokenResponse) {
String appCheckToken = tokenResponse.getToken();
new FirebaseAPIFunction(appCheckToken).execute();
}
}).addOnFailureListener(new OnFailureListener() {
@Override
public void onFailure(@NonNull Exception e) {
e.printStackTrace();
}
});
This is the error I am receiving.
W/System.err: com.google.firebase.FirebaseException: Error returned from API. code: 403 body: App attestation failed.
W/System.err: at com.google.firebase.appcheck.internal.NetworkClient.exchangeAttestationForAppCheckToken(NetworkClient.java:177)
W/System.err: at com.google.firebase.appcheck.safetynet.internal.SafetyNetAppCheckProvider.lambda$exchangeSafetyNetAttestationResponseForToken$1$SafetyNetAppCheckProvider(SafetyNetAppCheckProvider.java:186)
W/System.err: at com.google.firebase.appcheck.safetynet.internal.-$$Lambda$SafetyNetAppCheckProvider$B6GhOWtZfyrWKLfSayghedQVnKQ.call(Unknown Source:4)
W/System.err: at com.google.android.gms.tasks.zzv.run(Unknown Source:2)
W/System.err: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
W/System.err: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
W/System.err: at java.lang.Thread.run(Thread.java:920)
When setting up the App Attestation for Android, I used the SHA 256 key within my Google Play Store Console under this information.

What is the best way to fix this from the client?
I have found a solution. If you are using the debug provider, it is probably because your debug token has expired. A new one has been generated in the Android Studio console. Add it to your Firebase application so that the tests you make continue to work or you can change the expiration date of each token (This will apply both for debug and production).
Note: It is not recommended to use an expiration greater than one hour when your application is already in production.
Luck!

In Google play console go to App integrity. Click "Link a Google Cloud project" then select the cloud project that got created with the Firebase project (cloud.google.com). If you are on another Google account then the one that created the Firebase project you can be added by that email to the Google Cloud project by going to IAM & Admin -> View By Principals -> Grant Access. Then enter the Google Play account email and then wait a few minutes. Finally check back to Google Play and the project should be selectable.
After selecting the cloud project in the upper right-hand corner under App Integrity -> Services select "Settings" then scroll down to testing, click Create new test then add emails for Google Play accounts that are whitelisted while running the app on a device while testing. Whatever the email is if you go into the Google Play app and click tap profile icon in the upper right hand-corner.
Under Integrity API Responses select Android device integrity -> Licensed Play-recognized app. On real devices the token will now generate.
Firebase.appCheck.getAppCheckToken(false).addOnSuccessListener {
Log.d("App Check Token", it.token)
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With