Firebase App Check Token Generation Failures #15314
Description
Description
I am experiencing several issues with the Firebase App Check service while attempting to generate app check tokens for my application. The following errors have occurred frequently:
Error: DCErrorServerUnavailable
Attempts: 4
Message: The operation couldn’t be completed. Failed to attest the validity of the generated cryptographic key.
Details: Key ID length is 44, clientDataHash = Cpl/Mf8Xtw1QAcDybmmhB2e+NmvE0yNPXpOSqk6LX3c=, system version = 18.6. This indicates a failure to contact the App Attest service during attestation.
General API Request Error
Attempts: 1
Message: The operation couldn’t be completed due to an API request error.
Error: Permission Denied (403)
Attempts: 1
Message: The operation couldn’t be completed. Too many attempts.
Details: The server responded with an error from the following URL: https://firebaseappcheck.googleapis.com/v1/projects/android-customer-8d863/apps/1:544176130330:ios:819589c76c49dfb3a484a3:exchangeAppAttestAssertion. The HTTP status code is 403, with the message: "App attestation failed."
Our AppCheck implementation:
// Maximum attempts for failure: 3 times
func getAppCheckToken(forcingRefresh: Bool, attempts: Int = 3, completion: @escaping (String?, Error?) -> Void) {
appCheck().token(forcingRefresh: forcingRefresh) { [weak self] result, error in
if let error = error {
guard let self = self else {
completion(nil, nil)
return
}
if attempts >= 1 {
self.retryAppCheckTokenWithDelay(
forAttempts: attempts - 1,
forcingRefresh: forcingRefresh,
completion: completion
)
} else {
completion(nil, error)
}
self.nonFatalLoggerClosure(error, 4 - attempts) // Log with attempt count
} else if let firebaseToken = result?.token {
completion(firebaseToken, nil)
} else {
completion(nil, nil)
}
}
}
private func retryAppCheckTokenWithDelay(forAttempts attempts: Int, forcingRefresh: Bool, completion: @escaping (String?, Error?) -> Void) {
self.queueManager.asyncAfter(deadline: .now() + 1.0,
qos: .unspecified,
flags: [],
execute: { [weak self] in
guard let self else {
completion(nil, nil)
return
}
self.getAppCheckToken(forcingRefresh: forcingRefresh,
attempts: attempts,
completion: completion)
})
}
After integrating the App Check feature into my application, these issues have resulted in 374,266 non-fatal events affecting 29,175 users. This volume of errors is concerning, and I would appreciate your assistance in resolving these issues.
Reproducing the issue
Unsure specifically what's causing the issue but rolling out AppCheck into production caught a large minority of users who have this issue.
Firebase SDK Version
11.13.0
Xcode Version
16.2
Installation Method
CocoaPods
Firebase Product(s)
App Check, Analytics, Crashlytics, Database, DynamicLinks, Remote Config, Performance
Targeted Platforms
iOS
Relevant Log Output
{ "attempts" : "4", "error" : "The operation couldn’t be completed. Failed to attest the validity of the generated cryptographic key (`attestKey:clientDataHash:completionHandler:`); keyId.length = 44, clientDataHash = Cpl\/Mf8Xtw1QAcDybmmhB2e+NmvE0yNPXpOSqk6LX3c=, systemVersion = 18.6; DCErrorServerUnavailable - An error that indicates a failed attempt to contact the App Attest service during an attestation.", "domain" : "appcheck.token.failed" }
{ "error" : "The operation couldn’t be completed. Too many attempts. Underlying error: The operation couldn’t be completed. The server responded with an error: \n - URL: https:\/\/firebaseappcheck.googleapis.com\/v1\/projects\/android-customer-8d863\/apps\/1:544176130330:ios:819589c76c49dfb3a484a3:exchangeAppAttestAssertion \n - HTTP status code: 403 \n - Response body: \{\n \"error\": {\n \"code\": 403,\n \"message\": \"App attestation failed.\",\n \"status\": \"PERMISSION_DENIED\"\n }\n}
\n", "attempts" : "1", "domain" : "appcheck.token.failed" }