feat: Add Recaptcha attestation provider#94
Open
ncooke3 wants to merge 50 commits into
Open
Conversation
…Provider (#85) Signed-off-by: Nick Cooke <36927374+ncooke3@users.noreply.github.com> Co-authored-by: Paul Beusterien <paulbeusterien@google.com> Co-authored-by: Nick Cooke <nickcooke@google.com> Co-authored-by: Nick Cooke <36927374+ncooke3@users.noreply.github.com>
This comment was marked as outdated.
This comment was marked as outdated.
…a provider - Change implicitly unwrapped optionals to standard optionals or constants to prevent runtime crashes. - Handle Recaptcha SDK dynamic lookups safely without force-unwrapping. - Standardize error handling to use GACAppCheckErrorUtil and AppCheckCoreErrorDomain. - Add missing AppCheckCore imports to fix scope build errors. - Remove outdated TODO from AppCheckCore.podspec.
…d environment guidelines - Add new Communication Guidelines section prioritizing categorized bullet points and visual indicators. - Add Environment & Troubleshooting section for dealing with sandboxes, Python paths, and Ruby version conflicts. - Standardize Git & Commits guidance to encourage frequent, scoped commits.
…e provider - Add `RecaptchaEnterpriseProviderUnit` test target to SPM package. - Verify provider initialization, dynamic SDK loading, and graceful error states. - Validate API token exchange payload formatting and responses, including limited-use configurations. - Ensure strict compatibility with Objective-C `FBLPromise` and `AppCheckCoreErrorCode` APIs. - Apply standard formatting via style.sh.
ncooke3
commented
Apr 29, 2026
ncooke3
commented
Apr 29, 2026
ncooke3
commented
Apr 29, 2026
ncooke3
commented
Apr 29, 2026
ncooke3
commented
Apr 29, 2026
… guidelines - Document known compiler issues with `FBLPromise` generics in Swift bridging. - Add exact syntax workarounds for unlabeled Obj-C static methods and dynamic dispatch fallbacks. - Specify SPM target scoping requirements and `swift test --filter` syntax in TDD step.
- Deleted forwarding headers in `AppCheckCore/Sources/Core/...` - Updated imports in all Objective-C sources and tests to use `AppCheckCore/Sources/Public/AppCheckCore/...` - Verified build is successful via `swift test --list-tests`
- Added requirement for final report (summary + commit message) - Added mandate for updating agents.md with learnings - Documented fixture loading issue on macOS with SPM
- Added Step 5 for style application and Step 6 for doc formatting - Removed redundant style instructions from Quality Gates - Wrapped long lines in `agents.md` to 80 characters
ncooke3
commented
May 1, 2026
Member
Author
|
/gemini review |
ncooke3
commented
May 11, 2026
ncooke3
commented
May 11, 2026
ncooke3
commented
May 11, 2026
ncooke3
commented
May 11, 2026
| import RecaptchaInterop | ||
|
|
||
| @objc(GACRecaptchaEnterpriseProvider) | ||
| public final class AppCheckCoreRecaptchaEnterpriseProvider: NSObject, AppCheckCoreProvider { |
Member
Author
There was a problem hiding this comment.
todo: Decide whether to add platform guards.
-
Option 1: Keep it as is (No availability guards)
The provider relies on reflection to load the reCAPTCHA SDK at runtime.- Pros: Allows the provider to be used in cross-platform code (e.g., shared between iOS and macOS) without wrapping it in #if os(iOS) or if #available. It compiles on all platforms and fails gracefully at runtime if the SDK is missing.
- Cons: Developers can attempt to use it on platforms where it will never work (like macOS), and they will only find out at runtime.
-
Option 2: Add availability guards (e.g.,
@available(iOS 15.0, *))
Mark the class or initializers with explicit OS version or platform constraints.- Pros: Prevents developers from using the provider on platforms or OS versions where it is not supported, catching mistakes at compile time.
- Cons: Forces developers to use availability checks (if #available(...)) or platform checks (#if os(iOS)) in their code if they are building for multiple platforms, even though the provider itself is safe to compile everywhere due to reflection.
Member
Author
There was a problem hiding this comment.
Curious what reviewers think here?
Member
Author
There was a problem hiding this comment.
todo: Update the doc comment pending discussion.
Collaborator
There was a problem hiding this comment.
I think my personal preference would be Option 1 with the addition of - (BOOL)isSupported; to GACAppCheckProvider (and bubbling it up to FIRAppCheckProvider) before release. It'd have to be in the @optional section in FIRAppCheckProvider to avoid breaking custom providers but it would allow accurate availability checks at runtime.
Our current documentation shows this code snippet
class YourAppCheckProviderFactory: NSObject, AppCheckProviderFactory {
func createProvider(with app: FirebaseApp) -> AppCheckProvider? {
if #available(iOS 14.0, *) {
return AppAttestProvider(app: app)
} else {
return DeviceCheckProvider(app: app)
}
}
}
which, even if updated to include other Apple platforms, would return an instance of AppAttestProvider on macOS, even though it doesn't work on the platform. Being able to check AppAttestProvider.isSupported (wrapping DCAppAttestService.shared.isSupported) and RecaptchaEnterpriseProvider.isSupported (or whatever names), would allow developers to create a functional chain of fallbacks.
Co-authored-by: Nick Cooke <36927374+ncooke3@users.noreply.github.com> Signed-off-by: Nick Cooke <36927374+ncooke3@users.noreply.github.com>
ncooke3
commented
May 12, 2026
ncooke3
commented
May 12, 2026
Member
Author
There was a problem hiding this comment.
fyi: @weixifan, this is the networking layer.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add ReCAPTCHA Enterprise Attestation Provider
Metadata
Description
This PR introduces the
RecaptchaEnterpriseProviderto the App Check SDK, enabling developers to use reCAPTCHA Enterprise for app attestation on iOS. It includes the core implementation in Swift, integration with the Objective-C core, and a comprehensive test suite.Integration Approach
The following is the approach for each package manager.
RecaptchaEnterpriseProvider). This ensures users (the firebase-ios-sdk package) only pull in theRecaptchaInteropdependency if they explicitly use this provider. Mainly, this prevents the need of creating a third target to selectively re-export both the Objective-C and Swift API.AppCheckCoretarget for iOS to maintain consistency and avoid the complexity of new pods or subspecs.Dependencies
interop-ios-for-google-sdks(specifically theRecaptchaInteropproduct) to support decoupled interaction with the reCAPTCHA Enterprise SDK.New APIs
AppCheckCoreRecaptchaEnterpriseProvider(Swift) /GACRecaptchaEnterpriseProvider(Obj-C)init(siteKey:resourceName:APIKey:requestHooks:)getToken(completion:)getLimitedUseToken(completion:)Error Handling & Edge Cases (CUJ)
GACAppCheckErrorCodeUnsupportedwith a specific, actionable message directing the developer to the setup documentation:kGACAppCheckMissingRecaptchaSDKMessage) and appliedNS_SWIFT_NAMEfor more idiomatic Swift usage.AppCheckCoreErrorCodeServerUnreachableto trigger the SDK's exponential backoff retry logic correctly.Headers Moved to Public
To allow the Swift implementation to interact with the Objective-C core, the following headers were moved to
AppCheckCore/Sources/Public/AppCheckCore:GACAppCheckAPIService.hGACAppCheckBackoffWrapper.hGACAppCheckErrorUtil.hGACURLSessionDataResponse.hTests Added
A new test target
RecaptchaEnterpriseProviderUnitwas added with 17 new tests covering:AppCheckCoreRecaptchaEnterpriseProviderTests: Verifies missing SDK handling, success flows, and limited-use token success flows.RecaptchaEnterpriseCoreAPIServiceTests: Verifies token exchange API requests and JSON body structure.RecaptchaEnterpriseCoreTokenGeneratorTests: Verifies token generation, backoff application, and error mapping.Other Changes
agents.mdto define workflow instructions for AI agents in this repo..github/workflows/spm.ymlto use theAppCheck-Packagetarget.cc: @weixifan @rlazo