Firebase App Check using reCAPTCHA v3
Фильм және анимация
codingcat.dev/tutorial/fireba...
0:00 - What is App Check?
2:18 - What is Protected?
3:54 - What is reCAPTCHA v3?
5:04 - Demo Setup Vite with Svelte
7:55 - Initialize Firebase
11:27 - Build and Deploy to Firebase
13:16 - Add project settings
14:54 - Include reCAPTCHA
18:48 - Update Svelte Components for Firestore
20:56 - Update Firestore Rules
24:00 - Review App Check Requests
25:00 - Initializing App Check with reCAPTCHA v3 provider
28:25 - Review existing application in App Check
30:18 - Include local debug token
33:18 - Review of domain requirments
Пікірлер: 19
Thanks a lot for the video. Much needed for me being in the early stages of the Firebase journey. really nicely explained. Until now, I always thought implementing App Check must be very difficult in code lol. Thanks again.
@CodingCatDev
7 күн бұрын
I am glad you got a lot of use from it!
thanks
I have a question, I did not do the deploy, I still have it in my local but the secret key in the appcheck does not take it, do you know if it is because I do not have the deploy? help plis
Great video thanks for the coverage
@CodingCatDev
6 ай бұрын
Glad you enjoyed it!
@jack_lion
6 ай бұрын
I have a question regarding app check and firestore rules if you wouldn’t mind hearing it. It seems that when I enforce app check it prevents authenticated users from querying data from their firestore doc. I’m assuming this is because of app check since the issue stops when I stop enforcing app check. What sorts of extra considerations should be made towards the firestore rules when enforcing app check? Thanks again in advance
@jack_lion
6 ай бұрын
Nevermind, it was a typo in the URL i entered on recaptcha lol. Problem solved
@CodingCatDev
6 ай бұрын
@@jack_lion great I am glad you were able to find it!
thank you
@CodingCatDev
8 ай бұрын
You're welcome, thanks for checking it out!
thanks a lot for your video, it was helpull to me. it's a pity that we need to add debug tokens by each develop environment.
@CodingCatDev
11 ай бұрын
It is a little painful, but hopefully worth it to keep other bad actors out :D
Thanks for the video! I have three Firebase apps. Should I create a reCAPTCHA key for each app, or can I share one key between different apps? As long as the app site domains are registered in the key, it seems to work. But from security perspective, I feel like creating a key for each app is better when it comes to analyzing users access history and utilizing more features of reCAPTCHA scoring systems and so on.
@CodingCatDev
24 күн бұрын
I would create a key per app.
you dont need to specify false on all docs, its by default implemented. If you dont have a collection/doc allowed, its by default denied.
@CodingCatDev
9 ай бұрын
Old habits, from when dbs were left open I guess.
@georgedicu6001
9 ай бұрын
a very very good security enforcement habit I would say! @@CodingCatDev BTW, awesome video!