
Firebase App check denied all queries for Firestore in Android

I am following the tutorial here, but when Firebase App Check is enforced, all queries come back as denied:

W/FirebaseProfileService: GET FAILED WITH com.google.firebase.firestore.FirebaseFirestoreException: PERMISSION_DENIED: Missing or insufficient permissions.

I have run the app check in the main activity and it doesn't produce any errors.

fun appCheck(){
    FirebaseApp.initializeApp(this)
    val firebaseAppCheck = FirebaseAppCheck.getInstance()
    firebaseAppCheck.installAppCheckProviderFactory(
        PlayIntegrityAppCheckProviderFactory.getInstance()
    )
}

I can also see the request token in the logs.

I/PlayCore: UID: [] PID: [] IntegrityService: requestIntegrityToken(IntegrityTokenRequest{nonce=*****

I/PlayCore: UID: [] PID: [] IntegrityService: Initiate binding to the service.

I/PlayCore: UID: [] PID: [] IntegrityService: ServiceConnectionImpl.onServiceConnected(ComponentInfo{com.android.vending/com.google.android.finsky.integrityservice.IntegrityService})

I/PlayCore: UID: [] PID: [] IntegrityService: linkToDeath

W/Firestore: (24.1.2) [Firestore]: ********** failed: Status{code=PERMISSION_DENIED, description=Missing or insufficient permissions., cause=null}

"***" data has been omitted for privacy reasons

Is there any way to check AppCheck or PlayIntegrity errors? Cloud monitoring only seems to monitor cloud functions. As stated before, all queries and firestore rules work properly when AppCheck is not enforced.

There also doesn't seem to be any mention of where to specify the latest version of the app besides uploading a release to play store console. Do I have to upload a release for AppCheck to allow firestore queries?

Edit: I'm leaning towards this being an issue with IAM roles.

This is the answer I got from Firebase Support. Apparently the app must be published before app check will work with play integrity. My chat with firebase:

Yes, it is necessary to have published the app in the Google Play Store, in order to have a valid SHA-256 fingerprint and then start validating the requests by PlayIntegrity. You can check this reference.

In your case, if the app is still in development, or in continuous integration, it would be better to use a debug token in the emulator.
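The debug-token setup suggested above, as an added example that is not part of the original answer or the Firebase support reply. It installs the debug provider only in debug builds and requests an App Check token directly, so a failed attestation is logged as its own exception rather than surfacing only as Firestore's PERMISSION_DENIED. The class name `MyApplication`, the log tag, and the use of the module's generated `BuildConfig.DEBUG` are assumptions; it also assumes the `firebase-appcheck-debug` and `firebase-appcheck-playintegrity` dependencies are present.

```kotlin
import android.app.Application
import android.util.Log
import com.google.firebase.FirebaseApp
import com.google.firebase.appcheck.FirebaseAppCheck
import com.google.firebase.appcheck.debug.DebugAppCheckProviderFactory
import com.google.firebase.appcheck.playintegrity.PlayIntegrityAppCheckProviderFactory

// Hypothetical Application subclass; register it in AndroidManifest.xml
// via android:name so it runs before any Firestore call.
class MyApplication : Application() {

    override fun onCreate() {
        super.onCreate()
        FirebaseApp.initializeApp(this)

        val appCheck = FirebaseAppCheck.getInstance()

        // Debug builds (emulator, CI, sideloaded APKs) cannot pass Play Integrity,
        // so they use the debug provider. It prints a debug secret to logcat on
        // first run; that secret must be registered in the Firebase console.
        // Release builds keep Play Integrity, so the debug provider never ships.
        val factory = if (BuildConfig.DEBUG) {
            DebugAppCheckProviderFactory.getInstance()
        } else {
            PlayIntegrityAppCheckProviderFactory.getInstance()
        }
        appCheck.installAppCheckProviderFactory(factory)

        // Request a token explicitly and log the outcome of the exchange.
        // Only the expiry is logged, never the token itself.
        appCheck.getAppCheckToken(/* forceRefresh = */ false)
            .addOnSuccessListener { token ->
                Log.i(TAG, "App Check token obtained, expires at ${token.expireTimeMillis}")
            }
            .addOnFailureListener { e ->
                Log.w(TAG, "App Check token exchange failed", e)
            }
    }

    private companion object {
        const val TAG = "AppCheckDiag" // hypothetical log tag
    }
}
```

Treat the debug secret printed in logcat like a credential: anyone holding a registered debug token can pass App Check for the project.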

Check if your nonce is too short.

The value set in the nonce field must be correctly formatted:

String
URL-safe
Encoded as Base64 and non-wrapping
Minimum of 16 characters
Maximum of 500 characters
