firebase-app-check
Integrates Firebase App Check into Flutter apps. Use when setting up App Check, selecting providers per platform, using debug providers during development, enabling enforcement, or applying App Check security best practices.
Best use case
firebase-app-check is best used when you need a repeatable AI agent workflow instead of a one-off prompt. It is especially useful for teams working in multi. Integrates Firebase App Check into Flutter apps. Use when setting up App Check, selecting providers per platform, using debug providers during development, enabling enforcement, or applying App Check security best practices.
Integrates Firebase App Check into Flutter apps. Use when setting up App Check, selecting providers per platform, using debug providers during development, enabling enforcement, or applying App Check security best practices.
Users should expect a more consistent workflow output, faster repeated execution, and less time spent rewriting prompts from scratch.
Practical example
Example input
Use the "firebase-app-check" skill to help with this workflow task. Context: Integrates Firebase App Check into Flutter apps. Use when setting up App Check, selecting providers per platform, using debug providers during development, enabling enforcement, or applying App Check security best practices.
Example output
A structured workflow result with clearer steps, more consistent formatting, and an output that is easier to reuse in the next run.
When to use this skill
- Use this skill when you want a reusable workflow rather than writing the same prompt again and again.
When not to use this skill
- Do not use this when you only need a one-off answer and do not need a reusable workflow.
- Do not use it if you cannot install or maintain the related files, repository context, or supporting tools.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/firebase-app-check/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How firebase-app-check Compares
| Feature / Agent | firebase-app-check | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Integrates Firebase App Check into Flutter apps. Use when setting up App Check, selecting providers per platform, using debug providers during development, enabling enforcement, or applying App Check security best practices.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Firebase App Check Skill
This skill defines how to correctly use Firebase App Check in Flutter applications.
## When to Use
Use this skill when:
* Setting up and activating Firebase App Check in a Flutter project.
* Selecting the right provider for each platform.
* Configuring debug providers for development and testing.
* Enabling enforcement and monitoring App Check metrics.
* Applying App Check security best practices.
---
## 1. Setup and Configuration
```
flutter pub add firebase_app_check
```
```dart
import 'package:firebase_app_check/firebase_app_check.dart';
```
Initialize App Check **after** `Firebase.initializeApp()` and **before** using any Firebase services:
```dart
await Firebase.initializeApp();
await FirebaseAppCheck.instance.activate(
webProvider: ReCaptchaV3Provider('recaptcha-v3-site-key'),
providerAndroid: AndroidPlayIntegrityProvider(),
providerApple: AppleDeviceCheckProvider(),
);
```
- Register your apps in the Firebase console under **Project Settings > App Check** before using the service.
- For web, obtain a reCAPTCHA v3 site key from the Firebase console.
- Consider setting a custom **TTL** for App Check tokens based on your security and performance needs — shorter TTLs are more secure but consume quota faster.
---
## 2. Provider Selection
**Android:**
| Provider | Use case |
|---|---|
| `AndroidPlayIntegrityProvider` | Production (default) |
| `AndroidDebugProvider` | Development / CI only |
**Apple (iOS / macOS):**
| Provider | Use case |
|---|---|
| `AppleDeviceCheckProvider` | Production default (iOS 11+, macOS 10.15+) |
| `AppleAppAttestProvider` | Enhanced security (iOS 14+, macOS 14+) |
| `AppleAppAttestProviderWithDeviceCheckFallback` | App Attest with Device Check fallback |
| `AppleDebugProvider` | Development / CI only |
**Web:**
| Provider | Use case |
|---|---|
| `ReCaptchaV3Provider` | Standard reCAPTCHA v3 |
| `ReCaptchaEnterpriseProvider` | Enhanced with additional features |
> **Android note:** For certain Android devices, enable "Meets basic device integrity" in the Google Play console to ensure proper App Check functionality.
---
## 3. Development and Testing
Use debug providers during development to run in emulators or CI environments:
```dart
await FirebaseAppCheck.instance.activate(
providerAndroid: AndroidDebugProvider('YOUR_DEBUG_TOKEN'),
providerApple: AppleDebugProvider('YOUR_DEBUG_TOKEN'),
);
```
- **iOS:** Enable debug logging by adding `-FIRDebugEnabled` to Arguments Passed on Launch in Xcode.
- **Web:** Set `self.FIREBASE_APPCHECK_DEBUG_TOKEN = true;` in `web/index.html`.
- Register debug tokens shown in the console in the Firebase console's App Check section.
- **Never** use debug providers or share debug tokens in production builds.
- Keep debug tokens private — do not commit them to public repositories.
- Revoke compromised debug tokens immediately from the Firebase console.
---
## 4. Enforcement and Monitoring
- **Monitor** App Check metrics before enabling enforcement to avoid disrupting legitimate users.
- Enable enforcement **gradually**, starting with non-critical Firebase services.
- Monitor request metrics for Realtime Database, Cloud Firestore, Cloud Storage, and Authentication.
- Once enforcement is enabled, only registered apps with valid App Check tokens can access Firebase resources.
- Use App Check **in combination with** Firebase Security Rules for comprehensive security.
- Implement proper error handling for App Check verification failures.
---
## 5. Security Best Practices
- Never disable App Check in production builds once enabled.
- Implement a fallback mechanism for App Check verification failures.
- Regularly review App Check metrics to identify potential abuse patterns.
- App Check tokens are **automatically refreshed** at approximately half the TTL duration.
- For high-security applications, use the shortest practical TTL.
- Implement server-side verification for critical operations using the Firebase Admin SDK.
---
## References
- [Firebase App Check Flutter documentation](https://firebase.google.com/docs/app-check/flutter/default-providers)
- [Firebase App Check debug provider](https://firebase.google.com/docs/app-check/flutter/debug-provider)Related Skills
firebase-storage
Integrates Firebase Cloud Storage into Flutter apps. Use when setting up Storage, uploading or downloading files, managing metadata, handling errors, or applying security rules.
firebase-remote-config
Integrates Firebase Remote Config into Flutter apps. Use when setting up Remote Config, managing parameter defaults, fetching and activating values, implementing real-time updates, or handling throttling and testing.
firebase-messaging
Integrates Firebase Cloud Messaging (FCM) into Flutter apps. Use when setting up push notifications, handling foreground/background messages, managing permissions, working with FCM tokens, or configuring platform-specific notification behavior.
firebase-in-app-messaging
Integrates Firebase In-App Messaging into Flutter apps. Use when setting up in-app messaging, triggering or suppressing messages, managing user privacy and opt-in data collection, or testing campaigns.
firebase-database
Integrates Firebase Realtime Database into Flutter apps. Use when setting up Realtime Database, structuring JSON data, querying, performing read/write operations, implementing offline capabilities, or applying security rules.
firebase-data-connect
Integrates Firebase Data Connect into Flutter apps. Use when setting up Data Connect, designing queries, handling errors, or applying security and performance best practices.
firebase-crashlytics
Integrates Firebase Crashlytics into Flutter apps. Use when setting up crash reporting, handling fatal and non-fatal errors, customizing crash reports with keys/logs/user identifiers, or configuring opt-in reporting.
firebase-cloud-functions
Calls Firebase Cloud Functions from Flutter apps. Use when setting up callable functions, passing data to functions, handling errors from function calls, optimizing performance, or testing with the Firebase Emulator Suite.
firebase-cloud-firestore
Integrates Cloud Firestore into Flutter apps. Use when setting up Firestore, designing document/collection structure, reading and writing data, working with real-time listeners, designing for scale, or applying security rules.
firebase-auth
Integrates Firebase Authentication into Flutter apps. Use when setting up auth, managing auth state, implementing email/password or social sign-in, handling auth errors, managing users, or applying security best practices.
firebase-analytics
Integrates Firebase Analytics into Flutter apps. Use when setting up analytics, logging events, setting user properties, or configuring event parameters.
firebase-ai
Integrates Firebase AI Logic into Flutter apps. Use when setting up the firebase_ai plugin, calling Gemini models, handling AI service errors, or applying security and privacy considerations for AI features.