If, after you have registered your app for App Check, you want to run your app in an environment that App Check would normally not classify as valid, such as a simulator during development, or from a continuous integration (CI) environment, you can create a debug build of your app that uses the App Check debug provider instead of App Attest.
Use the debug provider in a simulator
To use the debug provider while running your app in a simulator interactively (during development, for example), do the following:
Look up the iOS API key for your project on the Credentials page of the APIs & Services section of the Google Cloud console.
In your debug build, configure App Check to use the debug provider. You'll need to specify the API key you got in the previous step.
#if targetEnvironment(simulator) GIDSignIn.sharedInstance.configureDebugProvider(withAPIKey: apiKey) { error in if let error { print("Error configuring `GIDSignIn` for App Check: \(error)") } } #else // Configure App Check for production. #endif
Launch the app. A local debug token will be logged to the Xcode console when the SDK tries to send a request to the backend. For example:
<Warning> [AppCheckCore][I-GAC004001] App Check debug token: '123a4567-b89c-12d3-e456-789012345678'.
In the App Check section of the Firebase console, choose Manage debug tokens from your app's overflow menu. Then, register the debug token you logged in the previous step.
After you register the token, Google's OAuth 2.0 endpoints will accept it as valid for your project.
Because this token allows access to your auth endpoints without a valid device, it is crucial that you keep it private. Don't commit it to a public repository, and if a registered token is ever compromised, revoke it immediately in the Firebase console.
Use the debug provider in a CI environment
To use the debug provider in a continuous integration (CI) environment, do the following:
In the App Check section of the Firebase console, choose Manage debug tokens from your app's overflow menu. Then, create a new debug token. You'll need the token in the next step.
Because this token allows access to your auth endpoints without a valid device, it is crucial that you keep it private. Don't commit it to a public repository, and if a registered token is ever compromised, revoke it immediately in the Firebase console.
Add the debug token you just created to your CI system's secure key store (for example, GitHub Actions' encrypted secrets or Travis CI's encrypted variables).
If necessary, configure your CI system to make your debug token available within the CI environment as an environment variable. Name the variable something like
APP_CHECK_DEBUG_TOKEN_FROM_CI
.In Xcode, add an environment variable to your testing scheme with the name
FIRAAppCheckDebugToken
and something like$(APP_CHECK_DEBUG_TOKEN)
as the value.Configure your CI test script to pass the debug token as an environment variable. For example:
xcodebuild test -scheme YourTestScheme -workspace YourProject.xcworkspace \ APP_CHECK_DEBUG_TOKEN=$(APP_CHECK_DEBUG_TOKEN_FROM_CI)
Look up the iOS API key for your project on the Credentials page of the APIs & Services section of the Google Cloud console.
In your debug build, configure App Check to use the debug provider. You'll need to specify the API key you got in the previous step.
#if targetEnvironment(simulator) GIDSignIn.sharedInstance.configureDebugProvider(withAPIKey: apiKey) { error in if let error { print("Error configuring `GIDSignIn` for App Check: \(error)") } } #else // Configure App Check for production. #endif
When your app runs in a CI environment, Google's OAuth 2.0 endpoints will accept the token it sends as valid for your project.