App Check debug token expires after one hour, making the app unusable

[ulian-onua]

Description

We’ve set up App Check in our app, but we’re experiencing issues with it in Debug mode.

The problem is that after launching, the app works for about an hour (the token expiration time), and then Firebase calls start returning code == 403.

We’ve configured AppCheckDebugProviderFactory and provided the FIRAAppCheckDebugToken, which is registered in the Firebase Console, in our Xcode scheme (as described here: https://firebase.google.com/docs/app-check/ios/debug-provider).

It seems that the app uses the debug token initially, but after an hour the token expires, and the system attempts to refresh it but fails.

To resolve this, we need to connect the device to Xcode and run the app through the debugger, or run the app on a simulator with the debugger attached. Sometimes even that doesn’t help — we have to delete and reinstall the app to make it work again.

Is there a way to resolve this issue and ensure stable functionality on a simulator or test device in Debug mode, without needing to connect the app to the debugger or reinstall it every hour?

Thank you for the help in advance.

Reproducing the issue

1. Use this code in the app:

 let providerFactory = AppCheckDebugProviderFactory()
 AppCheck.setAppCheckProviderFactory(providerFactory)

2. I have these settings in Xcode scheme:

3. We get this message in the Xcode console

4. Run the app through Xcode debugger and use it for an hour (or leave the app in the simulator to be opened for an hour and check in an hour). After an hour, the app stops working normally because Firestore returns 403 for all requests. Please look at "Relevant Log Output" for examples.

Firebase SDK Version

11.10.0

Xcode Version

16.3

Installation Method

Swift Package Manager

Firebase Product(s)

App Check

Targeted Platforms

iOS

Relevant Log Output

[Firebase/Crashlytics] Version 11.10.0
....
11.10.0 - [FirebaseAppCheck][I-FAA005001] Firebase App Check debug token: 'xxxxxxxxxxxxx'.

AFTER AN HOUR: 

11.10.0 - [FirebaseAuth][I-AUT000018] Error getting App Check token; using placeholder token instead. Error: Error Domain=com.google.app_check_core Code=0 "The server responded with an error:
 - URL: https://firebaseappcheck.googleapis.com/v1/projects/..../....:exchangeDebugToken
 - HTTP status code: 403
 - Response body: {
 "error": {
  "code": 403,
  "message": "App attestation failed.",
  "status": "PERMISSION_DENIED"
 }
}
" UserInfo={NSLocalizedFailureReason=The server responded with an error:
 - URL: https://firebaseappcheck.googleapis.com/v1/projects/..../....:exchangeDebugToken
 - HTTP status code: 403
 - Response body: {
 "error": {
  "code": 403,
  "message": "App attestation failed.",
  "status": "PERMISSION_DENIED"
 }
}
}

If using Swift Package Manager, the project's Package.resolved

Expand Package.resolved snippet

Replace this line with the contents of your Package.resolved.

If using CocoaPods, the project's Podfile.lock

Expand Podfile.lock snippet

Replace this line with the contents of your Podfile.lock!

[google-oss-bot]

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.