Is anybody having reliability problems with AppCheck for Firestore?

[Richard Scotten]

Hello,

I implemented AppCheck for Firestore with the regular (free) reCaptcha and over 70% (sometimes 90%) of my AppCheck requests were invalid consistently for over a month.  

I finally had to turn off AppCheck because so many of my users were complaining about AppCheck related issues, essentially not being authorized to connect to Firestore.  Which basically renders my websites unusable.

AppCheck feels like it's still a beta product at this point.

Is anybody else experiencing these issues?  

Richard

[Ehsan Nasiri]

Hi Richard,

Sorry to hear about your experience. That's certainly not what we're aiming for. We'd be glad to help find the root cause of your issue. IIUC you have a web application. Is there a specific technology stack that you're using? (React? Angular? Flutter for Web? etc). Are you using the Firebase Web SDK? If so, please feel free to open an issue and provide all the necessary information, and preferably a minimal code that can reproduce the problem.

Thanks

Ehsan

[Richard Scotten]

Hi Ehsan,

Thanks for the response.  Yes, I have a Firebase project that consists of about 25 React/NextJS websites hosted on Firebase.  Yes, I'm using Firebase SDK 9.9.2.

AppCheck is used on two Apps, one App has about 25 websites.

One of the problems with running AppCheck on multiple Apps/websites is that it's impossible to see which site is experiencing the invalid requests.  See this graphic:

I don't know which website or App is having the problems.  Furthermore, there's no information on why a request is invalid or unverified.  Did the user's AppCheck token expire?  Was the request from a different domain?  Was it a bot?  Is there a problem with my website that I can fix?  Nobody knows!

I guess I'll file an issue.

RS

--
You received this message because you are subscribed to a topic in the Google Groups "google-cloud-firestore-discuss" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-cloud-firestore-discuss/El-imTgz7EU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-cloud-firestor...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-firestore-discuss/27161a03-0515-4ab4-a5ac-fa38eda72942n%40googlegroups.com.

[Ehsan Nasiri]

+Wei Xi Fan for more visibility.

[Sven Jacobs]

Hello,

has this ever been resolved? We're facing the same problem: 70% (that's 833M) of Firestore AppCheck requests are invalid. We assume these are requests from Android clients while iOS works.

I triple checked the setup but have no idea what the problem could be:

* AppCheck is initialized in an AndroidX Startup Initializer so before any Firebase API is called but after Firebase.initialize()

* We're using PlayIntegrityAppCheckProviderFactory in the release build of the app

* Play Integrity API is enabled and I can see in Play Console that 99% of devices meet device integrity

* We're using App Signing and copied the SHA-256 certificate fingerprint from the Play Console into the AppCheck configuration inside the Firebase Console

I have no clue why this is not working.
Thanks for any help!

[Ehsan Nasiri]

Hi Sven,

This appears to be an AppCheck issue for Android. Please file an issue in this repository https://github.com/firebase/firebase-android-sdk and include as much details as possible (e.g. SDK version, code snippets that relate to using AppCheck, etc). We will route the GitHub issue to the right team to ensure it gets picked up.

Thanks

Ehsan