Cloud Functions are not executed due to App Check validation error "invalid" #6224
Description
Can we access your project?
- I give permission for members of the FlutterFlow team to access and test my project for the sole purpose of investigating this issue.
Current Behavior
Hello!
I report this here again because after taking to support, the instructions that they gave me are not solving the problem:
- Previous github report: App Check token validation failing on new FlutterFlow-generated APKs #6149
- Community Get Help: https://community.flutterflow.io/ask-the-community/post/cloud-functions-failing-due-to-app-check-token-is-invalid-not-executed-bP7LcZumHKyG6jz
Summary: Since the last Flutterflow update, all my Cloud Functions are not executed due to an App Check validation issue: See console log error:
Failed to validate AppCheck token. FirebaseAppCheckError: Decoding App Check token failed. Make sure you passed the entire string JWT which represents the Firebase App Check token.
My app was not registered in App Check and not enforced at all.
Before: the app validation was "missing" (and the cloud function was executed)
Now: the app validation is "invalid" (and the cloud function is NOT executed)
I followed all support instructions, but nothing has changed.
Please, could you check why Flutterflow is sending the App Check token even when is not expected?
Thanks,
Expected Behavior
Cloud Function execution with no issues
Steps to Reproduce
I followed carefully all support instructions:
Extract Fingerprints from the New, Failing APK:
Ensure you are using the SHA-1 (and ideally SHA-256) fingerprints from the APK you downloaded after the FlutterFlow update (the one that is currently failing). It's crucial that these match what FlutterFlow is signing your new builds with.
(As discussed before: rename .apk to .zip, extract, go to META-INF, use keytool -printcert -file CERT.RSA).
Register Your Android App in Firebase App Check (Carefully):
Go to your Firebase Console -> App Check -> Apps tab.
If you have any existing Android app entries for this project, consider deleting them and starting fresh to avoid confusion.
Click "Add app" (Android icon).
Package Name: Copy-paste the exact package name from your FlutterFlow project (Settings (gear icon) -> General -> Package Name). It must be perfect.
SHA-1 Certificate Fingerprint: Paste the SHA-1 you extracted from the new, failing APK.
SHA-256 Certificate Fingerprint (Optional but Recommended): Also add the SHA-256 from the same APK.
Choose Provider: For Android, select Play Integrity API. This is the modern, robust choice. Follow any instructions it gives you regarding linking to Google Play Console. If you don't plan to use Google Play Console, you might temporarily use SafetyNet Attestation API instead, but Play Integrity is the future.
Do NOT click "Enforce" after registering. Just register the app.
Wait for Propagation:
After adding the app and its fingerprints, wait at least 15-30 minutes for the changes to propagate across Firebase's systems.
Re-download APK from FlutterFlow:
Once you've waited, go back to FlutterFlow.
Perform a Clear Cache browser & Download APK from the menu. This ensures FlutterFlow builds your app with the updated configuration in mind and you get a fresh APK.
Reproducible from Blank
- The steps to reproduce above start from a blank project.
Bug Report Code (Required)
xxxx
Visual documentation
Environment
- FlutterFlow version: Last one from the 9th of July
- Platform: Only affect downloaded .apk and Android apps deployed to Google PlayAdditional Information
I cannot send to production my app that it's ready since a few weeks ago as all the app uses cloud functions to work. I've spent more than 40 hours to solve it and it's consuming so much resources and effort.