Skip to content

fix(app-check): Prevent redundant exchangeToken calls in debug mode #9187

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Jul 29, 2025
Merged

fix(app-check): Prevent redundant exchangeToken calls in debug mode #9187

merged 5 commits into from
Jul 29, 2025

Conversation

nicole0707
Copy link
Contributor

@nicole0707 nicole0707 commented Jul 28, 2025
edited
Loading

This PR addresses a race condition in getToken() where multiple concurrent calls could each pass the !state.exchangeTokenPromise check before any of them had set the promise, resulting in redundant exchangeToken() network requests.

Changes

  • Moved the await getDebugToken() call before the if (!state.exchangeTokenPromise) check to ensure token preparation occurs before promise coordination logic.
  • Assigned state.exchangeTokenPromise immediately, ensuring concurrent calls share the same in-flight promise.
  • Add unit tests

Notes

Resolved #9184

@nicole0707 nicole0707 requested review from hsubox76 and a team as code owners July 28, 2025 10:23
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Jul 28, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: 1d7e48d

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@nicole0707 nicole0707 requested review from a team as code owners July 28, 2025 10:32
@hsubox76 hsubox76 changed the title fix: Prevent redundant exchangeToken calls in debug mode fix(app-check): Prevent redundant exchangeToken calls in debug mode Jul 28, 2025
hsubox76
hsubox76 reviewed Jul 28, 2025
View reviewed changes
Copy link
Contributor

@hsubox76 hsubox76 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great PR, thanks! There's one nit (typo) and you need to run yarn format and I think it should be good.

packages/app-check/src/internal-api.test.ts Outdated
const appCheck = initializeAppCheck(app, {
provider: new ReCaptchaV3Provider(FAKE_SITE_KEY)
});
const appCheckServie = appCheck as AppCheckService;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: typo -appCheckServie

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @hsubox76 , I've updated the branch.

@hsubox76 hsubox76 merged commit b9209dc into firebase:main Jul 29, 2025
31 of 33 checks passed
@hsubox76
Copy link
Contributor

Thanks again, this should go out in the next release, which is planned for Aug 7.

@nicole0707
Copy link
Contributor Author

Thanks again, this should go out in the next release, which is planned for Aug 7.

Thanks @hsubox76 🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hsubox76 hsubox76 hsubox76 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Redundant token exchange requests when using App Check debug token with concurrent getToken() calls
2 participants
@nicole0707 @hsubox76