Menu
I have followed the appcheck setup guide for android, and have run into the following problem when trying to get a token from within the app:
FirebaseException: Error returned from API. code: 403 body: App attestation failed
when invoking appcheck as s follows:
//initialize on app-start
FirebaseApp.initializeApp(applicationContext)
FirebaseAppCheck.getInstance().apply {
installAppCheckProviderFactory(
PlayIntegrityAppCheckProviderFactory.getInstance()
)
}
//get token to then use in backend calls
firebaseAppCheck
.getAppCheckToken(true)
.addOnCompleteListener {
//do something with the token
}
As HTTP 403 (forbidden) suggests a misconfiguration of access-rights, I have double checked the configuration as the documentation suggests, and wanted to narrow-down where the problem could lie, when I found myself in the following (weird) situation:
PlayIntegrityAppCheckProviderFactoryto SafetyNetAppCheckProviderFactory, I was able to retrieve a token, leading me to the assumption that not the firebase access, but rather the app integrity access fails.IntegrityManager from the play-integrity android library in a standalone fashion, I am also able to get a token, which seems to conflict with my assumption so far...I am using
Appcheck: com.google.firebase:firebase-appcheck-playintegrity:16.1.0
Play-integrity standalone: com.google.android.play:integrity:1.0.2
Anyone know what could be the cause of this? 👀
883
asked Oct 15 '25 21:10
If you are not distributed via Google Play, the Play Integrity Provider does not work with your Firebase app. Another issue may be that the registered SHA-256 key may not be the same that Google Play is using to sign your app. I would validate that you are using the app from the play store with the Google Play Signed SHA-256 fingerprint.
106
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
