App Check

The Firebase Admin SDK for PHP provides an API for verifying custom backends using Firebase App Check.

Before you start, please read about Firebase App Check in the official documentation:

Initializing the App Check component

With the SDK

$appCheck = $factory->createAppCheck();

With Dependency Injection (Symfony Bundle/Laravel/Lumen Package)

use Kreait\Firebase\Contract\AppCheck;

class MyService
{
    public function __construct(AppCheck $appCheck)
    {
        $this->appCheck = $appCheck;
    }
}

With the Laravel app() helper (Laravel/Lumen Package)

$appCheck = app('firebase.app_check');

Verify App Check Tokens

The Firebase Admin SDK has a built-in method for validating App Check tokens.

See https://firebase.google.com/docs/app-check/custom-resource-backend for more information.

use Kreait\Firebase\Exception\AppCheck\FailedToVerifyAppCheckToken;

$appCheckTokenString = '...';

try {
    $appCheck->verifyToken($appCheckTokenString);
} catch (FailedToVerifyAppCheckToken $e) {
    // The token is invalid
}

Create a Custom Provider

The Firebase Admin SDK has a built-in method for creating custom provider of Firebase App Check tokens. It creates a custom token and then exchanges it for Firebase App Check token that can be sent back to the client.

See https://firebase.google.com/docs/app-check/custom-provider for more information.

$token = $appCheck->createToken("com.example.app-id");