[App Check] Set limited_use request param for App Attest (#11544)
Hardcoded the `limited_use` request parameter to `true` in App Check requests for App Attest. This requests a short-lived App Check token with a TTL of 5 minutes.

Note: This feature is only available in the `v1beta` API of App Check.
andrewheard committed Jul 20, 2023
1 parent 81ca271 commit 71c60c8
Showing 1 changed file with 10 additions and 2 deletions.
12 changes: 10 additions & 2 deletions AppCheck/Sources/AppAttestProvider/API/GACAppAttestAPIService.m
Expand Up @@ -35,6 +35,7 @@
static NSString *const kRequestFieldAttestation = @"attestation_statement";
static NSString *const kRequestFieldChallenge = @"challenge";
static NSString *const kRequestFieldKeyID = @"key_id";
static NSString *const kRequestFieldLimitedUse = @"limited_use";

static NSString *const kExchangeAppAttestAssertionEndpoint = @"exchangeAppAttestAssertion";
static NSString *const kExchangeAppAttestAttestationEndpoint = @"exchangeAppAttestAttestation";
Expand All @@ -44,6 +45,11 @@
static NSString *const kJSONContentType = @"application/json";
static NSString *const kHTTPMethodPost = @"POST";

// TODO(andrewheard): Remove constant when limited-use token feature is implemented.
// Value for `kRequestFieldLimitedUse` parameter. When `limited_use` is `YES`, forces a short-lived
// token with a 5 minute TTL.
static const BOOL kLimitedUseValue = YES;

@interface GACAppAttestAPIService ()

@property(nonatomic, readonly) id<GACAppCheckAPIServiceProtocol> APIService;
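Review bot: The comment above `kLimitedUseValue` does not mention that `limited_use` is only available in the `v1beta` API, which the commit message states. Add that constraint to the comment so the dependency is visible where the value is defined, and reference a tracking issue in the `TODO(andrewheard)` so the hardcoded `YES` has a clear removal condition.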
Expand Down Expand Up @@ -187,7 +193,8 @@ - (nullable NSData *)randomChallengeFromResponseBody:(NSData *)response error:(N
id JSONObject = @{
kRequestFieldArtifact : [self base64StringWithData:artifact],
kRequestFieldChallenge : [self base64StringWithData:challenge],
kRequestFieldAssertion : [self base64StringWithData:assertion]
kRequestFieldAssertion : [self base64StringWithData:assertion],
kRequestFieldLimitedUse : @(kLimitedUseValue)
};

return [self HTTPBodyWithJSONObject:JSONObject];
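Review bot: No test accompanies the new `kRequestFieldLimitedUse : @(kLimitedUseValue)` entry in this assertion request body (the commit changes one file). Suggest a unit test that decodes the HTTP body and asserts that `limited_use` is present and serialized as a JSON boolean, so a later edit that drops the field, and with it the request for a 5 minute TTL token, is caught.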
Expand All @@ -209,7 +216,8 @@ - (nullable NSData *)randomChallengeFromResponseBody:(NSData *)response error:(N
id JSONObject = @{
kRequestFieldKeyID : keyID,
kRequestFieldAttestation : [self base64StringWithData:attestation],
kRequestFieldChallenge : [self base64StringWithData:challenge]
kRequestFieldChallenge : [self base64StringWithData:challenge],
kRequestFieldLimitedUse : @(kLimitedUseValue)
};

return [self HTTPBodyWithJSONObject:JSONObject];
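Review bot: The `kRequestFieldLimitedUse : @(kLimitedUseValue)` entry in this attestation body duplicates the one added to the assertion body. Since the TODO says the constant will be removed once limited-use tokens are implemented, consider passing the value in as a method parameter, or adding the field in one shared helper, so both request builders change together.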