refactor(app_check,windows): return token and expiry from Dart custom provider, clarify provider docs

The Dart FlutterApi now returns CustomAppCheckToken, a class carrying both the minted token and its wall-clock expiry in Unix epoch milliseconds, instead of just a string. This lets backends mint tokens with arbitrary lifetimes without the plugin hardcoding a refresh window, and it removes a 55-minute constant from the C++ plugin that assumed every backend mints ~1-hour tokens. Short-lived tokens for stricter posture and longer-lived tokens for fewer round-trips are both supported by the same API.

The Windows plugin's GetToken now pipes the expiry from Dart straight through to AppCheckToken.expire_time_millis, so the Firebase C++ SDK caches for the exact lifetime the backend chose.

Also updates stale provider docs on windows_providers.dart (the base and debug-provider docs previously described debug as the only supported Windows provider, which was already out of date once custom support landed) and expands WindowsCustomProvider's docs with a usage example showing a FirebaseAppCheckFlutterApi implementation.

Regenerates all Pigeon bindings (Dart, Kotlin, Swift, C++) from the updated source.

Author: lukemmtt

packages/firebase_app_check/firebase_app_check/android/src/main/kotlin/io/flutter/plugins/firebase/appcheck/GeneratedAndroidFirebaseAppCheck.g.kt

@@ -40,6 +40,36 @@ private object GeneratedAndroidFirebaseAppCheckPigeonUtils {
       )
     }
   }
+  fun deepEquals(a: Any?, b: Any?): Boolean {
+    if (a is ByteArray && b is ByteArray) {
+        return a.contentEquals(b)
+    }
+    if (a is IntArray && b is IntArray) {
+        return a.contentEquals(b)
+    }
+    if (a is LongArray && b is LongArray) {
+        return a.contentEquals(b)
+    }
+    if (a is DoubleArray && b is DoubleArray) {
+        return a.contentEquals(b)
+    }
+    if (a is Array<*> && b is Array<*>) {
+      return a.size == b.size &&
+          a.indices.all{ deepEquals(a[it], b[it]) }
+    }
+    if (a is List<*> && b is List<*>) {
+      return a.size == b.size &&
+          a.indices.all{ deepEquals(a[it], b[it]) }
+    }
+    if (a is Map<*, *> && b is Map<*, *>) {
+      return a.size == b.size && a.all {
+          (b as Map<Any?, Any?>).containsKey(it.key) &&
+          deepEquals(it.value, b[it.key])
+      }
+    }
+    return a == b
+  }
+      
 }
 
 /**
@@ -53,12 +83,70 @@ class FlutterError (
   override val message: String? = null,
   val details: Any? = null
 ) : Throwable()
+
+/**
+ * Carries a minted App Check token plus the wall-clock expiry the Firebase
+ * SDK should associate with it. Returning the expiry alongside the token lets
+ * backends mint tokens with arbitrary lifetimes (short TTLs for a stricter
+ * security posture, longer TTLs for fewer round-trips) without the plugin
+ * hardcoding a refresh window.
+ *
+ * Generated class from Pigeon that represents data sent in messages.
+ */
+data class CustomAppCheckToken (
+  /** The App Check token string to send with Firebase requests. */
+  val token: String,
+  /**
+   * Absolute expiry as Unix epoch milliseconds (UTC). The Firebase SDK uses
+   * this to decide when to refresh; a token returned with an expiry in the
+   * past is treated as immediately expired.
+   */
+  val expireTimeMillis: Long
+)
+ {
+  companion object {
+    fun fromList(pigeonVar_list: List<Any?>): CustomAppCheckToken {
+      val token = pigeonVar_list[0] as String
+      val expireTimeMillis = pigeonVar_list[1] as Long
+      return CustomAppCheckToken(token, expireTimeMillis)
+    }
+  }
+  fun toList(): List<Any?> {
+    return listOf(
+      token,
+      expireTimeMillis,
+    )
+  }
+  override fun equals(other: Any?): Boolean {
+    if (other !is CustomAppCheckToken) {
+      return false
+    }
+    if (this === other) {
+      return true
+    }
+    return GeneratedAndroidFirebaseAppCheckPigeonUtils.deepEquals(toList(), other.toList())  }
+
+  override fun hashCode(): Int = toList().hashCode()
+}
 private open class GeneratedAndroidFirebaseAppCheckPigeonCodec : StandardMessageCodec() {
   override fun readValueOfType(type: Byte, buffer: ByteBuffer): Any? {
-    return     super.readValueOfType(type, buffer)
+    return when (type) {
+      129.toByte() -> {
+        return (readValue(buffer) as? List<Any?>)?.let {
+          CustomAppCheckToken.fromList(it)
+        }
+      }
+      else -> super.readValueOfType(type, buffer)
+    }
   }
   override fun writeValue(stream: ByteArrayOutputStream, value: Any?)   {
-    super.writeValue(stream, value)
+    when (value) {
+      is CustomAppCheckToken -> {
+        stream.write(129)
+        writeValue(stream, value.toList())
+      }
+      else -> super.writeValue(stream, value)
+    }
   }
 }
 
@@ -187,15 +275,24 @@ interface FirebaseAppCheckHostApi {
     }
   }
 }
-/** Generated class from Pigeon that represents Flutter messages that can be called from Kotlin. */
+/**
+ * Dart-side handler invoked by the native plugin when the Firebase SDK needs
+ * a fresh App Check token. Implementations typically call a backend service
+ * (for example a Cloud Function with `enforceAppCheck: false`) that mints a
+ * token using the Firebase Admin SDK. The native side awaits the future,
+ * then hands the token to the Firebase SDK, which attaches it to subsequent
+ * Firebase backend requests (Firestore, Functions, Storage, Auth, RTDB).
+ *
+ * Generated class from Pigeon that represents Flutter messages that can be called from Kotlin.
+ */
 class FirebaseAppCheckFlutterApi(private val binaryMessenger: BinaryMessenger, private val messageChannelSuffix: String = "") {
   companion object {
     /** The codec used by FirebaseAppCheckFlutterApi. */
     val codec: MessageCodec<Any?> by lazy {
       GeneratedAndroidFirebaseAppCheckPigeonCodec()
     }
   }
-  fun getCustomToken(callback: (Result<String>) -> Unit)
+  fun getCustomToken(callback: (Result<CustomAppCheckToken>) -> Unit)
 {
     val separatedMessageChannelSuffix = if (messageChannelSuffix.isNotEmpty()) ".$messageChannelSuffix" else ""
     val channelName = "dev.flutter.pigeon.firebase_app_check_platform_interface.FirebaseAppCheckFlutterApi.getCustomToken$separatedMessageChannelSuffix"
@@ -207,7 +304,7 @@ class FirebaseAppCheckFlutterApi(private val binaryMessenger: BinaryMessenger, p
         } else if (it[0] == null) {
           callback(Result.failure(FlutterError("null-error", "Flutter api returned null value for non-null return value.", "")))
         } else {
-          val output = it[0] as String
+          val output = it[0] as CustomAppCheckToken
           callback(Result.success(output))
         }
       } else {

packages/firebase_app_check/firebase_app_check/ios/firebase_app_check/Sources/firebase_app_check/FirebaseAppCheckMessages.g.swift

@@ -71,11 +71,129 @@ private func nilOrValue<T>(_ value: Any?) -> T? {
   return value as! T?
 }
 
+func deepEqualsFirebaseAppCheckMessages(_ lhs: Any?, _ rhs: Any?) -> Bool {
+  let cleanLhs = nilOrValue(lhs) as Any?
+  let cleanRhs = nilOrValue(rhs) as Any?
+  switch (cleanLhs, cleanRhs) {
+  case (nil, nil):
+    return true
+
+  case (nil, _), (_, nil):
+    return false
+
+  case is (Void, Void):
+    return true
+
+  case let (cleanLhsHashable, cleanRhsHashable) as (AnyHashable, AnyHashable):
+    return cleanLhsHashable == cleanRhsHashable
+
+  case let (cleanLhsArray, cleanRhsArray) as ([Any?], [Any?]):
+    guard cleanLhsArray.count == cleanRhsArray.count else { return false }
+    for (index, element) in cleanLhsArray.enumerated() {
+      if !deepEqualsFirebaseAppCheckMessages(element, cleanRhsArray[index]) {
+        return false
+      }
+    }
+    return true
+
+  case let (cleanLhsDictionary, cleanRhsDictionary) as ([AnyHashable: Any?], [AnyHashable: Any?]):
+    guard cleanLhsDictionary.count == cleanRhsDictionary.count else { return false }
+    for (key, cleanLhsValue) in cleanLhsDictionary {
+      guard cleanRhsDictionary.index(forKey: key) != nil else { return false }
+      if !deepEqualsFirebaseAppCheckMessages(cleanLhsValue, cleanRhsDictionary[key]!) {
+        return false
+      }
+    }
+    return true
+
+  default:
+    // Any other type shouldn't be able to be used with pigeon. File an issue if you find this to be untrue.
+    return false
+  }
+}
+
+func deepHashFirebaseAppCheckMessages(value: Any?, hasher: inout Hasher) {
+  if let valueList = value as? [AnyHashable] {
+     for item in valueList { deepHashFirebaseAppCheckMessages(value: item, hasher: &hasher) }
+     return
+  }
+
+  if let valueDict = value as? [AnyHashable: AnyHashable] {
+    for key in valueDict.keys { 
+      hasher.combine(key)
+      deepHashFirebaseAppCheckMessages(value: valueDict[key]!, hasher: &hasher)
+    }
+    return
+  }
+
+  if let hashableValue = value as? AnyHashable {
+    hasher.combine(hashableValue.hashValue)
+  }
+
+  return hasher.combine(String(describing: value))
+}
+
+    
+
+/// Carries a minted App Check token plus the wall-clock expiry the Firebase
+/// SDK should associate with it. Returning the expiry alongside the token lets
+/// backends mint tokens with arbitrary lifetimes (short TTLs for a stricter
+/// security posture, longer TTLs for fewer round-trips) without the plugin
+/// hardcoding a refresh window.
+///
+/// Generated class from Pigeon that represents data sent in messages.
+struct CustomAppCheckToken: Hashable {
+  /// The App Check token string to send with Firebase requests.
+  var token: String
+  /// Absolute expiry as Unix epoch milliseconds (UTC). The Firebase SDK uses
+  /// this to decide when to refresh; a token returned with an expiry in the
+  /// past is treated as immediately expired.
+  var expireTimeMillis: Int64
+
+
+  // swift-format-ignore: AlwaysUseLowerCamelCase
+  static func fromList(_ pigeonVar_list: [Any?]) -> CustomAppCheckToken? {
+    let token = pigeonVar_list[0] as! String
+    let expireTimeMillis = pigeonVar_list[1] as! Int64
+
+    return CustomAppCheckToken(
+      token: token,
+      expireTimeMillis: expireTimeMillis
+    )
+  }
+  func toList() -> [Any?] {
+    return [
+      token,
+      expireTimeMillis,
+    ]
+  }
+  static func == (lhs: CustomAppCheckToken, rhs: CustomAppCheckToken) -> Bool {
+    return deepEqualsFirebaseAppCheckMessages(lhs.toList(), rhs.toList())  }
+  func hash(into hasher: inout Hasher) {
+    deepHashFirebaseAppCheckMessages(value: toList(), hasher: &hasher)
+  }
+}
 
 private class FirebaseAppCheckMessagesPigeonCodecReader: FlutterStandardReader {
+  override func readValue(ofType type: UInt8) -> Any? {
+    switch type {
+    case 129:
+      return CustomAppCheckToken.fromList(self.readValue() as! [Any?])
+    default:
+      return super.readValue(ofType: type)
+    }
+  }
 }
 
 private class FirebaseAppCheckMessagesPigeonCodecWriter: FlutterStandardWriter {
+  override func writeValue(_ value: Any) {
+    if let value = value as? CustomAppCheckToken {
+      super.writeByte(129)
+      super.writeValue(value.toList())
+    } else {
+      super.writeValue(value)
+    }
+  }
 }
 
 private class FirebaseAppCheckMessagesPigeonCodecReaderWriter: FlutterStandardReaderWriter {
@@ -201,9 +319,16 @@ class FirebaseAppCheckHostApiSetup {
     }
   }
 }
+/// Dart-side handler invoked by the native plugin when the Firebase SDK needs
+/// a fresh App Check token. Implementations typically call a backend service
+/// (for example a Cloud Function with `enforceAppCheck: false`) that mints a
+/// token using the Firebase Admin SDK. The native side awaits the future,
+/// then hands the token to the Firebase SDK, which attaches it to subsequent
+/// Firebase backend requests (Firestore, Functions, Storage, Auth, RTDB).
+///
 /// Generated protocol from Pigeon that represents Flutter messages that can be called from Swift.
 protocol FirebaseAppCheckFlutterApiProtocol {
-  func getCustomToken(completion: @escaping (Result<String, PigeonError>) -> Void)
+  func getCustomToken(completion: @escaping (Result<CustomAppCheckToken, PigeonError>) -> Void)
 }
 class FirebaseAppCheckFlutterApi: FirebaseAppCheckFlutterApiProtocol {
   private let binaryMessenger: FlutterBinaryMessenger
@@ -215,7 +340,7 @@ class FirebaseAppCheckFlutterApi: FirebaseAppCheckFlutterApiProtocol {
   var codec: FirebaseAppCheckMessagesPigeonCodec {
     return FirebaseAppCheckMessagesPigeonCodec.shared
   }
-  func getCustomToken(completion: @escaping (Result<String, PigeonError>) -> Void) {
+  func getCustomToken(completion: @escaping (Result<CustomAppCheckToken, PigeonError>) -> Void) {
     let channelName: String = "dev.flutter.pigeon.firebase_app_check_platform_interface.FirebaseAppCheckFlutterApi.getCustomToken\(messageChannelSuffix)"
     let channel = FlutterBasicMessageChannel(name: channelName, binaryMessenger: binaryMessenger, codec: codec)
     channel.sendMessage(nil) { response in
@@ -231,7 +356,7 @@ class FirebaseAppCheckFlutterApi: FirebaseAppCheckFlutterApiProtocol {
       } else if listResponse[0] == nil {
         completion(.failure(PigeonError(code: "null-error", message: "Flutter api returned null value for non-null return value.", details: "")))
       } else {
-        let result = listResponse[0] as! String
+        let result = listResponse[0] as! CustomAppCheckToken
         completion(.success(result))
       }
     }

packages/firebase_app_check/firebase_app_check/windows/firebase_app_check_plugin.cpp

@@ -10,7 +10,6 @@
 #include <flutter/standard_method_codec.h>
 #include <windows.h>
 
-#include <chrono>
 #include <future>
 #include <memory>
 #include <string>
@@ -99,9 +98,11 @@ class TokenStreamHandler
   std::unique_ptr<FlutterAppCheckListener> listener_;
 };
 
-// FlutterCustomAppCheckProvider — calls into Dart via the FlutterApi and
+// FlutterCustomAppCheckProvider calls into Dart via the FlutterApi and
 // completes the Firebase C++ SDK callback asynchronously when Dart returns a
-// token (or an error).
+// token (or an error). The Dart handler returns the token together with its
+// expiry, so the C++ SDK can cache for the exact lifetime the backend minted
+// rather than a hardcoded refresh window.
 FlutterCustomAppCheckProvider::FlutterCustomAppCheckProvider(
     flutter::BinaryMessenger* binary_messenger)
     : flutter_api_(
@@ -116,17 +117,10 @@ void FlutterCustomAppCheckProvider::GetToken(
                          const std::string&)>>(std::move(completion_callback));
 
   flutter_api_->GetCustomToken(
-      [completion](const std::string& token) {
+      [completion](const CustomAppCheckToken& dart_token) {
         firebase::app_check::AppCheckToken result_token;
-        result_token.token = token;
-        // Set expiry to 55 minutes from now (server mints 1-hour tokens;
-        // 5-minute buffer avoids using a nearly-expired token).
-        result_token.expire_time_millis =
-            static_cast<int64_t>(
-                std::chrono::duration_cast<std::chrono::milliseconds>(
-                    std::chrono::system_clock::now().time_since_epoch())
-                    .count()) +
-            55LL * 60LL * 1000LL;
+        result_token.token = dart_token.token();
+        result_token.expire_time_millis = dart_token.expire_time_millis();
         (*completion)(result_token, firebase::app_check::kAppCheckErrorNone,
                       "");
       },