@capacitor-firebase/app-check¶

Unofficial Capacitor plugin for Firebase App Check.¹

Installation¶

npm install @capacitor-firebase/app-check firebase
npx cap sync

Add Firebase to your project if you haven't already (Android / iOS / Web).

Android¶

See Set up your Firebase project and follow the instructions to set up your app correctly.

Variables¶

This plugin will use the following project variables (defined in your app’s variables.gradle file):

$firebaseAppCheckPlayIntegrityVersion version of com.google.firebase:firebase-appcheck-playintegrity (default: 17.0.1)
$firebaseAppCheckDebugVersion version of com.google.firebase:firebase-appcheck-debug (default: 17.0.1)

iOS¶

On iOS 14 and later, see Set up your Firebase project and follow the instructions to set up your app correctly.

On iOS 13, see Set up your Firebase project and follow the instructions to set up your app correctly.

Make sure that the private key (*.p8) you upload to Firebase has DeviceCheck selected as a service.

Web¶

See Set up your Firebase project and follow the instructions to set up your app correctly.

Configuration¶

No configuration required for this plugin.

Firebase JavaScript SDK¶

Here you can find information on how to use the plugin with the Firebase JS SDK.

Demo¶

A working example can be found here: robingenz/capacitor-firebase-plugin-demo

Usage¶

import { FirebaseAppCheck } from '@capacitor-firebase/app-check';

const getToken = async () => {
  const { token } = FirebaseAppCheck.getToken({
    forceRefresh: false,
  });
  return token;
};

const initialize = async () => {
  await FirebaseAppCheck.initialize({
    siteKey: 'myKey',
  });
};

const setTokenAutoRefreshEnabled = async () => {
  await FirebaseAppCheck.setTokenAutoRefreshEnabled({ enabled: true });
};

const addTokenChangedListener = async () => {
  await FirebaseAppCheck.addListener('tokenChanged', event => {
    console.log('tokenChanged', { event });
  });
};

const removeAllListeners = async () => {
  await FirebaseAppCheck.removeAllListeners();
};

getToken(...)¶

getToken(options?: GetTokenOptions | undefined) => Promise<GetTokenResult>

Get the current App Check token.

Param	Type
`options`	`GetTokenOptions`

Returns: Promise<GetTokenResult>

Since: 1.3.0

initialize(...)¶

initialize(options?: InitializeOptions | undefined) => Promise<void>

Activate App Check for the given app. Can be called only once per app.

Param	Type
`options`	`InitializeOptions`

Since: 1.3.0

setTokenAutoRefreshEnabled(...)¶

setTokenAutoRefreshEnabled(options: SetTokenAutoRefreshEnabledOptions) => Promise<void>

Set whether the App Check token should be refreshed automatically or not.

Param	Type
`options`	`SetTokenAutoRefreshEnabledOptions`

Since: 1.3.0

addListener('tokenChanged', ...)¶

addListener(eventName: 'tokenChanged', listenerFunc: TokenChangedListener) => Promise<PluginListenerHandle>

Called when the App Check token changed.

Only available for Web.

Param	Type
`eventName`	`'tokenChanged'`
`listenerFunc`	`TokenChangedListener`

Returns: Promise<PluginListenerHandle>

Since: 1.3.0

removeAllListeners()¶

removeAllListeners() => Promise<void>

Remove all listeners for this plugin.

Only available for Web.

Since: 1.3.0

Interfaces¶

GetTokenResult¶

Prop	Type	Description	Since
`token`	`string`	The App Check token in JWT format.	1.3.0
`expireTimeMillis`	`number`	The timestamp after which the token will expire in milliseconds since epoch. Only available for Android and iOS.	1.3.0

GetTokenOptions¶

Prop	Type	Description	Default	Since
`forceRefresh`	`boolean`	If `true`, will always try to fetch a fresh token. If `false`, will use a cached token if found in storage.	`false`	1.3.0

InitializeOptions¶

Prop	Type	Description	Default	Since
`debug`	`boolean`	If `true`, the debug provider is used. ⚠️ Attention: The debug provider allows access to your Firebase resources from unverified devices. Don't use the debug provider in production builds of your app, and don't share your debug builds with untrusted parties. Read more: https://firebase.google.com/docs/app-check/web/debug-provider	`false`	1.3.0
`isTokenAutoRefreshEnabled`	`boolean`	If `true`, the SDK automatically refreshes App Check tokens as needed.	`false`	1.3.0
`siteKey`	`string`	The reCAPTCHA v3 site key (public key). Only available for Web.		1.3.0

InstanceFactoryOptions¶

Prop	Type
`instanceIdentifier`	`string`
`options`	`{}`

SetTokenAutoRefreshEnabledOptions¶

Prop	Type	Description	Since
`enabled`	`boolean`	If `true`, the SDK automatically refreshes App Check tokens as needed. This overrides any value set during initializeAppCheck().	1.3.0

PluginListenerHandle¶

Prop	Type
`remove`	`() => Promise<void>`

TokenChangedEvent¶

Prop	Type	Description	Since
`token`	`string`	The App Check token in JWT format.	1.3.0

Type Aliases¶

InitializeOptions¶

InstanceFactoryOptions

TokenChangedListener¶

Callback to receive the token change event.

(event: TokenChangedEvent): void

Testing¶

Android¶

Follow these steps to test your implementation on a real device:

Start your app on the Android device.
Run the following command to grab your temporary secret from the android logs:

adb logcat | grep DebugAppCheckProvider

The output should look like this:

D DebugAppCheckProvider: Enter this debug secret into the allow list in
the Firebase Console for your project: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX

Next, open the App Check project in the Firebase Console and select Manage debug tokens from the overflow menu of your app. Then, register the debug secret from the output.

Changelog¶

See CHANGELOG.md.

License¶

See LICENSE.

This project is not affiliated with, endorsed by, sponsored by, or approved by Google LLC or any of their affiliates or subsidiaries. ↩