From 4ee12b9d558962b5f1dfb05bfb819d0f1c31d445 Mon Sep 17 00:00:00 2001
From: lillecca341-a11y <lillecca341@gmail.com>
Date: Sat, 3 Jan 2026 03:41:57 +0700
Subject: [PATCH] Update ApiWithAppCheckExample.kt

---
 .../example/appcheck/kotlin/ApiWithAppCheckExample.kt    | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/appcheck/app/src/main/java/com/google/firebase/example/appcheck/kotlin/ApiWithAppCheckExample.kt b/appcheck/app/src/main/java/com/google/firebase/example/appcheck/kotlin/ApiWithAppCheckExample.kt
index 88b28719a..4dcce5d33 100644
--- a/appcheck/app/src/main/java/com/google/firebase/example/appcheck/kotlin/ApiWithAppCheckExample.kt
+++ b/appcheck/app/src/main/java/com/google/firebase/example/appcheck/kotlin/ApiWithAppCheckExample.kt
@@ -39,4 +39,11 @@ class Misc {
         }
         // [END appcheck_get_limited_use_token]
     }
-}
\ No newline at end of file
+}const appCheckClaims = await getAppCheck().verifyToken(appCheckToken, { consume: true });
+
+if (appCheckClaims.alreadyConsumed) {
+    res.status(401);
+    return next('Unauthorized');
+}
+
+// If verifyToken() succeeds and alreadyConsumed is not set, okay to continue.