Skip to content

feat: Add Recaptcha attestation provider#94

Merged
ncooke3 merged 71 commits into
mainfrom
nc/target-split
Jun 9, 2026
Merged

feat: Add Recaptcha attestation provider#94
ncooke3 merged 71 commits into
mainfrom
nc/target-split

Conversation

@ncooke3

@ncooke3 ncooke3 commented Apr 22, 2026
edited
Loading

Copy link
Copy Markdown
Member

Add ReCAPTCHA Enterprise Attestation Provider

Metadata

Description

This PR introduces the RecaptchaEnterpriseProvider to the App Check SDK, enabling developers to use reCAPTCHA Enterprise for app attestation on iOS. It includes the core implementation in Swift, integration with the Objective-C core, and a comprehensive test suite.

Integration Approach

The following is the approach for each package manager.

  • Swift Package Manager (SPM): Followed a Modular Path. The provider is exposed as a separate library product (RecaptchaEnterpriseProvider). This ensures users (the firebase-ios-sdk package) only pull in the RecaptchaInterop dependency if they explicitly use this provider. Mainly, this prevents the need of creating a third target to selectively re-export both the Objective-C and Swift API.
  • CocoaPods: Followed a Monolithic Path. The sources are included in the main AppCheckCore target for iOS to maintain consistency and avoid the complexity of new pods or subspecs.

Dependencies

  • Added a new dependency on interop-ios-for-google-sdks (specifically the RecaptchaInterop product) to support decoupled interaction with the reCAPTCHA Enterprise SDK.

New APIs

  • AppCheckCoreRecaptchaEnterpriseProvider (Swift) / GACRecaptchaEnterpriseProvider (Obj-C)
    • init(siteKey:resourceName:APIKey:requestHooks:)
    • getToken(completion:)
    • getLimitedUseToken(completion:)

Error Handling & Edge Cases (CUJ)

  • Missing reCAPTCHA SDK in Production: If the SDK is not linked in a release build, the provider returns GACAppCheckErrorCodeUnsupported with a specific, actionable message directing the developer to the setup documentation:

    "The reCAPTCHA Enterprise SDK is not linked. See https://cloud.google.com/recaptcha/docs/instrument-ios-apps#prepare-environment"

  • Swift Interoperability: Consolidated the missing SDK error message into a centralized constant (kGACAppCheckMissingRecaptchaSDKMessage) and applied NS_SWIFT_NAME for more idiomatic Swift usage.
  • Network/Server Errors: Specific reCAPTCHA errors (network and internal) are mapped to AppCheckCoreErrorCodeServerUnreachable to trigger the SDK's exponential backoff retry logic correctly.

Headers Moved to Public

To allow the Swift implementation to interact with the Objective-C core, the following headers were moved to AppCheckCore/Sources/Public/AppCheckCore:

  • GACAppCheckAPIService.h
  • GACAppCheckBackoffWrapper.h
  • GACAppCheckErrorUtil.h
  • GACURLSessionDataResponse.h

Tests Added

A new test target RecaptchaEnterpriseProviderUnit was added with 17 new tests covering:

  • AppCheckCoreRecaptchaEnterpriseProviderTests: Verifies missing SDK handling, success flows, and limited-use token success flows.
  • RecaptchaEnterpriseCoreAPIServiceTests: Verifies token exchange API requests and JSON body structure.
  • RecaptchaEnterpriseCoreTokenGeneratorTests: Verifies token generation, backoff application, and error mapping.

Other Changes

  • Added agents.md to define workflow instructions for AI agents in this repo.
  • Updated .github/workflows/spm.yml to use the AppCheck-Package target.

cc: @weixifan @rlazo

@hiteshmaurya56 @paulb777 @ncooke3
WIP: Creates new targets AppCheckCoreProvider and RecaptchaEnterprise…
6154bfb 
…Provider (#85)

Signed-off-by: Nick Cooke <36927374+ncooke3@users.noreply.github.com>
Co-authored-by: Paul Beusterien <paulbeusterien@google.com>
Co-authored-by: Nick Cooke <nickcooke@google.com>
Co-authored-by: Nick Cooke <36927374+ncooke3@users.noreply.github.com>
@google-cla

This comment was marked as outdated.

Sign in to view
ncooke3 and others added 10 commits April 22, 2026 15:52
@ncooke3
moves
01170d0
@ncooke3
todos
0f548c2
@ncooke3
fixes
eb4effd
@ncooke3
fix custom action name
bfb35e3
@ncooke3
umbrella header fixes
157bd6d
@ncooke3
Add agents workflow guide
a3ee169
@ncooke3
fix(recaptcha): improve safety and fix compilation issues in Recaptch…
5ac8a38 
…a provider

- Change implicitly unwrapped optionals to standard optionals or constants to prevent runtime crashes.
- Handle Recaptcha SDK dynamic lookups safely without force-unwrapping.
- Standardize error handling to use GACAppCheckErrorUtil and AppCheckCoreErrorDomain.
- Add missing AppCheckCore imports to fix scope build errors.
- Remove outdated TODO from AppCheckCore.podspec.
@ncooke3
fix(recaptcha): improve safety and fix compilation issues in Recaptch…
4c6523e 
…a provider
@ncooke3
docs(agent-workflow): enforce highly scannable communication style an…
95bc4c5 
…d environment guidelines

- Add new Communication Guidelines section prioritizing categorized bullet points and visual indicators.
- Add Environment & Troubleshooting section for dealing with sandboxes, Python paths, and Ruby version conflicts.
- Standardize Git & Commits guidance to encourage frequent, scoped commits.
@ncooke3
test(recaptcha): add comprehensive unit tests for Recaptcha Enterpris…
83e6937 
…e provider

- Add `RecaptchaEnterpriseProviderUnit` test target to SPM package.
- Verify provider initialization, dynamic SDK loading, and graceful error states.
- Validate API token exchange payload formatting and responses, including limited-use configurations.
- Ensure strict compatibility with Objective-C `FBLPromise` and `AppCheckCoreErrorCode` APIs.
- Apply standard formatting via style.sh.
ncooke3
ncooke3 commented Apr 29, 2026
View reviewed changes
Comment thread AppCheckCore/Sources/Core/APIService/GACAppCheckAPIService.h Outdated
ncooke3
ncooke3 commented Apr 29, 2026
View reviewed changes
Comment thread AppCheckCore/Sources/Core/APIService/GACURLSessionDataResponse.h Outdated
ncooke3
ncooke3 commented Apr 29, 2026
View reviewed changes
Comment thread AppCheckCore/Sources/Core/Errors/GACAppCheckErrorUtil.h Outdated
ncooke3
ncooke3 commented Apr 29, 2026
View reviewed changes
Comment thread RecaptchaEnterpriseProvider/Sources/RecaptchaEnterpriseCoreTokenGenerator.swift Outdated
ncooke3
ncooke3 commented Apr 29, 2026
View reviewed changes
Comment thread Package.swift Outdated
ncooke3 added 4 commits April 29, 2026 11:28
@ncooke3
docs(agent-workflow): add Swift/Obj-C bridging best practices and TDD…
71a5698 
… guidelines

- Document known compiler issues with `FBLPromise` generics in Swift bridging.
- Add exact syntax workarounds for unlabeled Obj-C static methods and dynamic dispatch fallbacks.
- Specify SPM target scoping requirements and `swift test --filter` syntax in TDD step.
@ncooke3
refactor: remove forwarding headers and update imports to public headers
0d638f2 
- Deleted forwarding headers in `AppCheckCore/Sources/Core/...`
- Updated imports in all Objective-C sources and tests to use `AppCheckCore/Sources/Public/AppCheckCore/...`
- Verified build is successful via `swift test --list-tests`
@ncooke3
docs: update agents.md with workflow refinements and troubleshooting
99b009e 
- Added requirement for final report (summary + commit message)
- Added mandate for updating agents.md with learnings
- Documented fixture loading issue on macOS with SPM
@ncooke3
docs: refine agents.md with explicit steps and line wrapping
1eecc52 
- Added Step 5 for style application and Step 6 for doc formatting
- Removed redundant style instructions from Quality Gates
- Wrapped long lines in `agents.md` to 80 characters
ncooke3
ncooke3 commented May 1, 2026
View reviewed changes
Comment thread Package.swift
@ncooke3

ncooke3 commented May 1, 2026

Copy link
Copy Markdown
Member Author

/gemini review

@ncooke3 ncooke3 mentioned this pull request May 1, 2026
Merged
ncooke3
ncooke3 commented May 22, 2026
View reviewed changes
Comment thread Package.swift
ncooke3 added 3 commits May 22, 2026 15:07
@ncooke3
remove unneeded dep
4ddab29
@ncooke3
remove unneeded target stuff
5db821c
@ncooke3
refactor: Rename RecaptchaEnterprise to Recaptcha
23bd67d 
Rename all types and files with the RecaptchaEnterprise substring to instead be Recaptcha.
@paulb777

paulb777 commented May 28, 2026

Copy link
Copy Markdown
Member

Looks like the repo ci infra needs updates

@ncooke3 ncooke3 requested a review from paulb777 May 28, 2026 21:49
@ncooke3 ncooke3 requested a review from paulb777 June 9, 2026 18:51
ncooke3
ncooke3 commented Jun 9, 2026
View reviewed changes

@ncooke3 ncooke3 left a comment

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Self

Comment thread AppCheckRecaptchaProvider/Sources/Public/AppCheckRecaptchaProvider.swift Outdated
@ncooke3
Update AppCheckRecaptchaProvider/Sources/Public/AppCheckRecaptchaProv…
15fa108 
…ider.swift

Signed-off-by: Nick Cooke <36927374+ncooke3@users.noreply.github.com>
ncooke3
ncooke3 commented Jun 9, 2026
View reviewed changes
Comment thread AppCheckRecaptchaProvider/Sources/Public/AppCheckRecaptchaProvider.swift Outdated
@ncooke3
Update AppCheckRecaptchaProvider/Sources/Public/AppCheckRecaptchaProv…
c115953 
…ider.swift

Signed-off-by: Nick Cooke <36927374+ncooke3@users.noreply.github.com>
@ncooke3 ncooke3 merged commit f6b4582 into main Jun 9, 2026
24 checks passed
@ncooke3 ncooke3 deleted the nc/target-split branch June 9, 2026 20:44
@ncooke3

ncooke3 commented Jun 9, 2026

Copy link
Copy Markdown
Member Author

Created CocoaPods-11.3.0 tag and staged the podspec to SpecsStaging: firebase/SpecsStaging@780b6af

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@paulb777 paulb777 paulb777 approved these changes

@andrewheard andrewheard Awaiting requested review from andrewheard

@daymxn daymxn Awaiting requested review from daymxn

@weixifan weixifan Awaiting requested review from weixifan

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ncooke3 @paulb777 @andrewheard @hiteshmaurya56