Unable to get AppCheck (Debug on Emulator) to work on a Flutter application

Question

I have a flutter application, adding AppCheck and using Android Emulator to test and debug. I am testing the access of Realtime database. From my Firebase Console, AppCheck shows that all my access are of this type: Unverified: invalid requests. I have followed this: https://firebase.google.com/docs/app-check/android/debug-provider.

my app/build.gradle

dependencies {
    ...
    //implementation 'com.google.firebase:firebase-appcheck-safetynet:16.0.0-beta02'
    implementation 'com.google.firebase:firebase-appcheck-debug:16.0.0-beta03'
    ...
}

In my main.dart

void main() async {
  WidgetsFlutterBinding.ensureInitialized();

  await Firebase.initializeApp();

  // Initialize AppCheck
  await FirebaseAppCheck.instance.activate();
...

In MainActivity.kt, I have the following:

import io.flutter.embedding.android.FlutterActivity
import android.os.Bundle
import android.util.Log
import com.google.firebase.FirebaseApp
import com.google.firebase.appcheck.FirebaseAppCheck
import com.google.firebase.appcheck.debug.DebugAppCheckProviderFactory
//import com.google.firebase.appcheck.safetynet.SafetyNetAppCheckProviderFactory

class MainActivity: FlutterActivity() {
    // For Debug Only. Do not do this for Production
    override fun onCreate(savedInstanceState: Bundle?) {
        FirebaseApp.initializeApp(this)
        Log.e("MainActivity", "onCreate")
        val firebaseAppCheck = FirebaseAppCheck.getInstance()
        firebaseAppCheck.installAppCheckProviderFactory(DebugAppCheckProviderFactory.getInstance())
        super.onCreate(savedInstanceState)
    }
}

From logcat, I can see the following log

com.google.firebase.appcheck.debug.internal.DebugAppCheckProvider: Enter this debug secret into the allow list in the Firebase Console for your project: xxxxxxxxxxxxx

Based on the token, I use managed debug token and set it to a debug token.

Using the AppCheck

Realtime Database only shows unverified requests

I am expecting to see verified requests showing up.

I also use Android Studio profiler to monitor the Network, I can see a request

POST https://firebaseappcheck.googleapis.com/v1beta/projects/<app>/apps/<appid>:exchangeSafetyNetToken?key=<key>

In the payload is a JSON safetynet token.

I get a response of 403.

Note that I have not turn on enforcement on the realtime database.

What am I missing with AppCheck? Am I supposed to see verified request using the emulator or only on real physical device (release mode)?

Answer 1

I tried with onCreate but couldn't get it to work.

Using a MethodChannel worked instead 🎉:

// main.dart

void main() async {
 // ...

 await Firebase.initializeApp();
 await FirebaseAppCheck.instance.activate();

 // FirebaseAppCheck when enforced would block incoming requests from Android emulator and iOS simulator too.
 // This kDebugMode check gets a debug token from FirebaseAppCheck which can then be added on the Firebase
 // console so that the emulator and simulator can be allowed to access to Firestore.
 if (kDebugMode) {
  try {
   const MethodChannel methodChannel = MethodChannel("method-channel");
   await methodChannel.invokeMethod("getFirebaseAppCheckDebugToken");
  } catch (e) {
   print("FirebaseAppCheck debug token error: $e");
  }
 }

 // ...
}

// MainActivity.kt

package com.yourname.applicationname

import android.util.Log
import androidx.annotation.NonNull
import com.google.firebase.FirebaseApp
import com.google.firebase.appcheck.FirebaseAppCheck
import com.google.firebase.appcheck.debug.DebugAppCheckProviderFactory
import io.flutter.embedding.android.FlutterActivity
import io.flutter.embedding.engine.FlutterEngine
import io.flutter.plugin.common.MethodChannel

class MainActivity : FlutterActivity() {
    override fun configureFlutterEngine(@NonNull flutterEngine: FlutterEngine) {
        super.configureFlutterEngine(flutterEngine)
        MethodChannel(flutterEngine.dartExecutor.binaryMessenger, "method-channel").setMethodCallHandler { call, result ->
            if (call.method == "getFirebaseAppCheckDebugToken") {
                FirebaseApp.initializeApp(this)
                Log.d("configureFlutterEngine", "FirebaseApp.initializeApp")

                val firebaseAppCheck = FirebaseAppCheck.getInstance()
                Log.d("configureFlutterEngine", "firebaseAppCheck")
                firebaseAppCheck.installAppCheckProviderFactory(DebugAppCheckProviderFactory.getInstance())
                Log.d("configureFlutterEngine", "installAppCheckProviderFactory")

                result.success("Yay!")
            }
        }
    }
}

Result on every app launch on the Android emulator in Flutter debug mode: