App Check Replay Protection #7394

Closed
apetta opened this issue Oct 4, 2023 · 12 comments
Labels
plugin: app-check Firebase AppCheck

Comments

@apetta
Contributor

apetta commented Oct 4, 2023

Hi!
Would it be possible to use the app-check replay protection with this library?

@apetta apetta added help: needs-triage Issue needs additional investigation/triaging. type: bug New bug report labels Oct 4, 2023
@mikehardy
Collaborator

Interesting - I haven't contemplated adding support for it, but I would happily merge any reasonable PR that implemented the API and wrapped the underlying native calls

This is the API to model, as we use the firebase-js-sdk API shapes: https://firebase.google.com/docs/app-check/web/custom-resource#replay-protection

@mikehardy mikehardy added Type: Feature Request plugin: app-check Firebase AppCheck and removed type: bug New bug report help: needs-triage Issue needs additional investigation/triaging. labels Oct 20, 2023
@apetta
Contributor Author

apetta commented Oct 26, 2023

> Interesting - I haven't contemplated adding support for it, but I would happily merge any reasonable PR that implemented the API and wrapped the underlying native calls
>
> This is the API to model, as we use the firebase-js-sdk API shapes: https://firebase.google.com/docs/app-check/web/custom-resource#replay-protection

@mikehardy Just submitted a PR. Would be great if you could have a look :)

Hello 👋, to help manage issues we automatically close stale issues.

This issue has been automatically marked as stale because it has not had activity for quite some time. Has this issue been fixed, or does it still require attention?

This issue will be closed in 15 days if no further activity occurs.

Thank you for your contributions.

@github-actions github-actions bot added the Type: Stale Issue has become stale - automatically added by Stale bot label Nov 23, 2023
@mikehardy
Collaborator

Not stale and neither is the PR - definitely going to happen - sorry for the delay - thank you for your patience

@github-actions github-actions bot removed the Type: Stale Issue has become stale - automatically added by Stale bot label Nov 24, 2023
@JasonPan

I seem to be getting an issue related to the work on the linked PR, is this feature still a work in progress?

I'm just trying to set up the baseline AppCheck functionality at the moment and came across this error. Led me to this issue / PR

@JasonPan

(This is on the latest version 18.7.3, 18.6.1 seems to work okay)

@apetta
Contributor Author

apetta commented Dec 20, 2023

Hmm, I was able to get it up & running on the latest version.

It might be worth opening a new issue with more details of your setup

@mikehardy
Collaborator

@JasonPan You have most likely overridden your firebase-ios-sdk version, which is something we intend to clearly note is at your own risk as we will adopt new features that require new versions of the SDK from time to time.

If you override your SDK and are not using the correct minimum version of firebase-ios-sdk as we direct in our app module package.json, you will see compilation errors like this

They are an indicator that you should take your firebase-ios-sdk version override out of your Podfile (preferred) or you must bump your firebase pod versions

@mikehardy
Collaborator

The feature has been merged though, and there's no further work planned. It appears to be working as intended.

@JasonPan

Nevermind, thanks! You're right, I did just have to make sure all my RN Firebase dependencies were upgraded to the latest version, working now :)

@JasonPan

For my reference, did this issue also tackle implementing replay protection for Firebase Cloud Function calls?

e.g. using getLimitedUseToken with functions().httpsCallable, I can't seem to find where the token can be set.

@mikehardy
Collaborator

@JasonPan it is not easy to use, by my read, and the use case is specific to non-firebase resources yes - I think the firebase docs are pretty reasonable on how to use it though https://firebase.google.com/docs/app-check/web/custom-resource#replay-protection - you don't "set" the token, you send the limited use token to your non-firebase endpoint, and when that code goes to verify that the token is valid, it can also check if it's already been used, to guard against token reuse / replay

If I understand correctly
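
The server-side half of the flow described in the comment above, as an added example that is not part of the original thread or of react-native-firebase: the endpoint verifies the limited-use token with `consume: true` and rejects it if it was already consumed. `checkLimitedUseToken` and `makeFakeAppCheck` are hypothetical names; the fake is a constructed stand-in for firebase-admin's `getAppCheck()` so the block runs offline.

```javascript
// Server-side check for a limited-use App Check token (added example).
// `appCheck` is any object with firebase-admin's verifyToken(token, options)
// shape; in production pass getAppCheck() from 'firebase-admin/app-check'.
async function checkLimitedUseToken(appCheck, token) {
  if (typeof token !== 'string' || token.length === 0) {
    return { ok: false, status: 401, reason: 'missing token' };
  }
  let result;
  try {
    // consume: true asks the App Check backend to mark the token as used
    // and to report whether an earlier call had already consumed it.
    result = await appCheck.verifyToken(token, { consume: true });
  } catch (err) {
    // Bad signature, expired token, or backend unreachable: fail closed.
    return { ok: false, status: 401, reason: 'invalid token' };
  }
  if (result.alreadyConsumed) {
    return { ok: false, status: 401, reason: 'token replayed' };
  }
  return { ok: true, status: 200, appId: result.appId };
}

// Constructed stand-in for the Admin SDK (assumption, for offline use only).
// It accepts tokens from a fixed set and remembers which were consumed.
function makeFakeAppCheck(validTokens) {
  const consumed = new Set();
  return {
    async verifyToken(token, options = {}) {
      if (!validTokens.has(token)) throw new Error('verification failed');
      const alreadyConsumed = consumed.has(token);
      if (options.consume) consumed.add(token);
      return { appId: 'constructed-app-id', token: {}, alreadyConsumed };
    },
  };
}

// Same token presented twice, then a token the verifier does not recognise.
async function demo() {
  const appCheck = makeFakeAppCheck(new Set(['limited-use-token-1']));
  const first = await checkLimitedUseToken(appCheck, 'limited-use-token-1');
  const replay = await checkLimitedUseToken(appCheck, 'limited-use-token-1');
  const forged = await checkLimitedUseToken(appCheck, 'not-a-token');
  return { first, replay, forged };
}

demo().then((r) => console.log(r));
```

On the client, the token sent to this endpoint is the one returned by `getLimitedUseToken`, which is the call this issue added to the library.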
