Use App Check with the debug provider with C++

After you have registered your app for App Check, your app normally won't run on desktop platforms, in an emulator, or from a continuous integration (CI) environment, since those environments don't qualify as valid devices. If you want to run your app in such an environment during development and testing, you can create a debug build of your app that uses the App Check debug provider instead of a real attestation provider.

Configuration via code

To use the debug provider while running your app (during development, for example), do the following:

  1. In the App Check section of the Firebase console, choose Manage debug tokens from your app's overflow menu. Then, create a new debug token. You'll need the token in the next step.

    Because this token allows access to your Firebase resources without a valid device, it is crucial that you keep it private. Don't commit it to a public repository, and if a registered token is ever compromised, revoke it immediately in the Firebase console.

    Screenshot of the Manage Debug Tokens menu item

  2. In your initialization code, do the following:

    #include "firebase/app_check.h"
    
    void InitializeFirebase() {
      // Configure the Debug Provider factory with your debug token.
      firebase::app_check::DebugAppCheckProviderFactory::GetInstance()
        ->SetDebugToken("INSERT YOUR DEBUG TOKEN HERE");
    
      // Set App Check to use the debug provider factory
      firebase::app_check::AppCheck::SetAppCheckProviderFactory(
        firebase::app_check::DebugAppCheckProviderFactory::GetInstance());
    
      // Proceed to initialize Firebase as normal
    }
    

Other configuration options

Other configuration options are available based on platform, for example using the platforms environment variables. For more information, refer to the iOS+ or Android debug provider documentation.

Because this token allows access to your Firebase resources without a valid device, it is crucial that you keep it private. Don't commit it to a public repository, and if a registered token is ever compromised, revoke it immediately in the Firebase console.