47 changes: 47 additions & 0 deletions skills/firebase-app-check/SKILL.md
@@ -0,0 +1,47 @@
---
name: firebase-app-check
description: >-
Enables setting up Firebase App Check for mobile and web applications to
protect backend resources from abuse. Use when configuring App Check for
iOS, Android, Web, or Flutter apps using default providers like
DeviceCheck, App Attest, Play Integrity, and reCAPTCHA.
---

# Firebase App Check

## Overview

Firebase App Check helps protect your backend resources from abuse, such as
billing fraud and phishing, by ensuring that requests originate from your
authentic app.

This skill provides guidance on setting up App Check with the default providers
for various platforms.

## Platform Setup Guides

Select the guide for your platform:

- **iOS**: See [ios.md](references/ios.md) for DeviceCheck and App Attest
setup.
- **Android**: See [android.md](references/android.md) for Play Integrity
setup.
- **Web**: See [web.md](references/web.md) for reCAPTCHA setup.
- **Flutter**: See [flutter.md](references/flutter.md) for Flutter-specific
integration.

## General Principles

- **Enforcement**: Do not enable enforcement until you have monitored metrics
and verified that legitimate users will not be blocked.
- **Debug Provider**: Always use the debug provider for local development and
CI environments to avoid depleting quotas and blocking access.

## Resources

### references/

- [ios.md](references/ios.md): iOS setup details.
- [android.md](references/android.md): Android setup details.
- [web.md](references/web.md): Web setup details.
- [flutter.md](references/flutter.md): Flutter setup details.
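
Review bot: The **Debug Provider** bullet under General Principles says to always use the debug provider for local development and CI, but the file never explains how a debug token is obtained or registered, while `references/ios.md` sends the reader here with "See `SKILL.md` for debug token instructions". Add a short section covering debug token registration, and state alongside it that the debug provider must not be compiled into release builds and that debug tokens should be handled as secrets, since they let a client pass App Check without attestation. The `### references/` list at the end also repeats the Platform Setup Guides list; one of the two can go.
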
51 changes: 51 additions & 0 deletions skills/firebase-app-check/TEST.md
@@ -0,0 +1,51 @@
# Firebase App Check Skill - Agent E2E Test Plan

## Prerequisites

**Read `SKILL.md` first** to understand the skill's purpose and available references.

This skill is documentation-only and does not include executable scripts or a CLI binary. Testing focuses on the agent's ability to retrieve and apply the correct information from the reference files.

---

## Test 1: iOS Setup Inquiry

**Prompt:** "I need to set up App Check for my iOS app. I'm targeting iOS 15. What provider should I use and how do I initialize it in Swift?"

**Verify:**
- The agent reads `references/ios.md`.
- The agent recommends using **App Attest** (since it's iOS 14+).
- The agent provides a Swift code snippet showing how to set `AppAttestProviderFactory`.

---

## Test 2: Android Setup Inquiry

**Prompt:** "How do I set up App Check for my Android app using the recommended provider? What do I need to do in the Google Play Console?"

**Verify:**
- The agent reads `references/android.md`.
- The agent identifies **Play Integrity** as the recommended provider.
- The agent mentions linking the Firebase project in the Google Play Console under App Integrity.

---

## Test 3: Web Setup Inquiry

**Prompt:** "I want to protect my web app with App Check using reCAPTCHA v3. How do I initialize it?"

**Verify:**
- The agent reads `references/web.md`.
- The agent provides a JavaScript code snippet using `ReCaptchaV3Provider`.
- The agent mentions that a site key is required.

---

## Test 4: Flutter Setup Inquiry

**Prompt:** "I'm building a Flutter app and want to enable App Check for Android and iOS. How do I do that in code?"

**Verify:**
- The agent reads `references/flutter.md`.
- The agent provides a Dart code snippet showing `FirebaseAppCheck.instance.activate`.
- The agent shows setting providers for both `androidProvider` and `appleProvider`.
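
Review bot: None of the four tests checks the two General Principles in `SKILL.md` (hold enforcement until metrics are monitored, debug provider for local development and CI), so an agent that returns a debug factory as the production initializer would still pass. This matters most for Test 1: its Verify list expects a snippet that sets `AppAttestProviderFactory`, yet the App Attest sample in `references/ios.md` has `AppCheckDebugProviderFactory()` as the live line and the App Attest factory commented out. Add a Verify item to Test 1 that the returned production code does not install the debug factory, and add a test whose prompt asks about simulators, emulators or CI and expects the debug provider guidance.
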
48 changes: 48 additions & 0 deletions skills/firebase-app-check/references/android.md
@@ -0,0 +1,48 @@
# Android App Check Setup

Cheatsheet for setting up App Check on Android.

## Provider
- **Play Integrity**: Default and recommended provider.

## Setup Steps

1. **Google Play Console**:
- Select your app.
- In **Release > App integrity**, link your Firebase project.
2. **Firebase Console**:
- Navigate to **Security > App Check**.
- Register your app with **Play Integrity**.
- Provide the SHA-256 fingerprint of your app's signing certificate.
3. **Add SDK**:
- In your `app/build.gradle`, add the dependency:
```gradle
implementation 'com.google.firebase:firebase-appcheck-playintegrity'
```
4. **Initialization**:
- Initialize App Check in your `Application` class or early in your main activity.
### Kotlin Example
```kotlin
import android.app.Application
import com.google.firebase.FirebaseApp
import com.google.firebase.appcheck.FirebaseAppCheck
import com.google.firebase.appcheck.playintegrity.PlayIntegrityAppCheckProviderFactory
class MyApplication : Application() {
override fun onCreate() {
super.onCreate()
FirebaseApp.initializeApp(this)
val firebaseAppCheck = FirebaseAppCheck.getInstance()
firebaseAppCheck.installAppCheckProviderFactory(
PlayIntegrityAppCheckProviderFactory.getInstance()
)
}
}
```

## Gotchas
- Requires Google Play services on the device.
- Daily quota of 10,000 calls for Standard tier.
- Use Debug provider for emulators.
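
Review bot: The dependency line in step 3, `implementation 'com.google.firebase:firebase-appcheck-playintegrity'`, has no version, which only resolves when the Firebase BoM is declared as a platform dependency in the same `app/build.gradle`; the step should either show the BoM line next to it or pin a version. The last gotcha, "Use Debug provider for emulators", also has nothing behind it: the Kotlin example installs only `PlayIntegrityAppCheckProviderFactory`, so a reader has no indication of which factory to swap in or how to keep it limited to debug builds. A short debug-build variant of the snippet, or a pointer to where that is documented, would close the gap.
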
48 changes: 48 additions & 0 deletions skills/firebase-app-check/references/flutter.md
@@ -0,0 +1,48 @@
# Flutter App Check Setup

Cheatsheet for setting up App Check in Flutter apps.

## Platform Providers
Flutter App Check uses the default provider for each platform:
- **Android**: Play Integrity
- **iOS**: Device Check or App Attest
- **Web**: reCAPTCHA v3 or Enterprise

## Setup Steps

1. **Firebase Console**: Register your iOS, Android, and Web apps in the Firebase console under **Security > App Check** as described in the platform-specific reference files.
2. **Add Dependency**:
```bash
flutter pub add firebase_app_check
```
3. **Initialization**: Initialize App Check in your `main()` function after `Firebase.initializeApp()`.

### Flutter Example

```dart
import 'package:flutter/material.dart';
import 'package:firebase_core/firebase_core.dart';
import 'package:firebase_app_check/firebase_app_check.dart';

Future<void> main() async {
WidgetsFlutterBinding.ensureInitialized();
await Firebase.initializeApp();

await FirebaseAppCheck.instance.activate(
// Web Provider
webProvider: ReCaptchaV3Provider('your-recaptcha-v3-site-key'),

// Android Provider (Default is Play Integrity)
androidProvider: AndroidProvider.playIntegrity,

// Apple Provider (Default is Device Check)
appleProvider: AppleProvider.appAttest,
);

runApp(const MyApp());
}
```

## Gotchas
- Ensure you follow the setup steps for each platform (e.g., linking Play project, uploading `.p8` for iOS) in the Firebase console.
- See platform-specific reference files for platform-specific gotchas.
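
Review bot: In the Dart example the comment `// Apple Provider (Default is Device Check)` sits directly above `appleProvider: AppleProvider.appAttest,`, so the comment and the value disagree about which provider the sample selects. Reword the comment to say that App Attest is being chosen over the default, and say what happens on devices below iOS 14, since `references/ios.md` lists App Attest as iOS 14+ with DeviceCheck as the fallback. The example also shows no debug configuration even though `SKILL.md` says to always use the debug provider for local development and CI, and the Platform Providers list mentions reCAPTCHA Enterprise for Web while the code covers only `ReCaptchaV3Provider`.
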
69 changes: 69 additions & 0 deletions skills/firebase-app-check/references/ios.md
@@ -0,0 +1,69 @@
# iOS App Check Setup

Cheatsheet for setting up App Check on iOS.

## Providers
- **App Attest**: Recommended for iOS 14+. Stronger security.
- **DeviceCheck**: Fallback or for iOS 11+.

## Setup Steps

1. **Firebase Console**:
- Navigate to **Security > App Check**.
- Register your app with **DeviceCheck** or **App Attest**.
- For DeviceCheck, you need to upload a private key (`.p8` file) from Apple Developer account.
- For App Attest, you need to link your team ID.

2. **Add SDK**:
- Swift Package Manager: Add `firebase-app-check`.
- CocoaPods: `pod 'FirebaseAppCheck'`

3. **Initialization**:
- Initialize the App Check provider factory *before* calling `FirebaseApp.configure()`.

### Swift Example (App Attest)

```swift
import UIKit
import FirebaseCore
import FirebaseAppCheck

class AppDelegate: NSObject, UIApplicationDelegate {
func application(_ application: UIApplication,
didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey : Any]? = nil) -> Bool {
// Use AppAttestProviderFactory
let providerFactory = AppCheckDebugProviderFactory() // Use debug for simulator
// In production, use AppAttestProviderFactory
// let providerFactory = AppAttestProviderFactory()
AppCheck.setAppCheckProviderFactory(providerFactory)

FirebaseApp.configure()

return true
}
}
```

### Swift Example (DeviceCheck)

```swift
import UIKit
import FirebaseCore
import FirebaseAppCheck

class AppDelegate: NSObject, UIApplicationDelegate {
func application(_ application: UIApplication,
didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey : Any]? = nil) -> Bool {
let providerFactory = DeviceCheckProviderFactory()
AppCheck.setAppCheckProviderFactory(providerFactory)

FirebaseApp.configure()

return true
}
}
```

## Gotchas
- App Attest requires the `com.apple.developer.devicecheck.appattest` entitlement.
- Debug provider is needed for simulators. See `SKILL.md` for debug token instructions.
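
Review bot: The block under "Swift Example (App Attest)" installs the debug provider unconditionally: `let providerFactory = AppCheckDebugProviderFactory()` is the live line and `AppAttestProviderFactory()` is commented out, under a leading comment that says `// Use AppAttestProviderFactory`. Anyone copying this sample ships the debug provider in production. Make App Attest the default path and confine the debug factory to simulator or debug builds with a compile-time condition such as `#if targetEnvironment(simulator)`, so the release configuration never contains it. The second gotcha points to `SKILL.md` for debug token instructions, but `SKILL.md` in this change has none; either add them there or drop the pointer.
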
42 changes: 42 additions & 0 deletions skills/firebase-app-check/references/web.md
@@ -0,0 +1,42 @@
# Web App Check Setup

Cheatsheet for setting up App Check on Web.

## Providers
- **reCAPTCHA v3**: Good for most web apps.
- **reCAPTCHA Enterprise**: For enterprise needs, more advanced features.

## Setup Steps

1. **Firebase Console**:
- Navigate to **Security > App Check**.
- Register your app with **reCAPTCHA v3** or **reCAPTCHA Enterprise**.
- You will need to provide a site key. If you don't have one, you can create it in the reCAPTCHA console.
2. **Add SDK**:
- Include the App Check SDK in your web app.
3. **Initialization**:
- Initialize App Check *before* using other Firebase services.

### JS Example (Modular SDK)

```javascript
import { initializeApp } from "firebase/app";
import { initializeAppCheck, ReCaptchaV3Provider } from "firebase/app-check";

const firebaseConfig = {
// ...
};

const app = initializeApp(firebaseConfig);

// Pass your reCAPTCHA v3 site key to the provider
const appCheck = initializeAppCheck(app, {
provider: new ReCaptchaV3Provider('your-recaptcha-v3-site-key'),
isTokenAutoRefreshEnabled: true // Set to true to allow auto-refresh
});
```

## Gotchas
- reCAPTCHA v3 has a monthly quota of 1M free verifications.
- reCAPTCHA Enterprise has a free tier of 10,000 assessments per month.
- Ensure your authorized domains are correctly configured in the reCAPTCHA console.
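
Review bot: The Providers section and step 1 both offer reCAPTCHA Enterprise, but the only example is for `ReCaptchaV3Provider`, so a reader who registered with Enterprise has no initialization to follow; add the Enterprise variant or say explicitly that only v3 is covered. Step 2, "Include the App Check SDK in your web app", gives no install or import instruction beyond what the example's `firebase/app-check` import implies. There is also no guidance for local development, although `SKILL.md` says to always use the debug provider there and the last gotcha requires authorized domains to be configured, which leaves unclear how `localhost` is meant to be handled. The inline comment on `isTokenAutoRefreshEnabled: true` only restates the option name and can be dropped or replaced with why auto-refresh is wanted.
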