My android app is backed by an App-Engine server. All good. Now I need to have a dev/staging server that I can use for testing. So I go with the obvious: create two App-Engine projects: one for production, one for development. Part of the process as you know is to add credentials to each project. The problem I am running into is that I cannot register my android app with both projects because the app fingerprint can only be used in one project. So how do I add a dev project when I need credentials for, say, OAuth?
Use a different signing key for the two different versions of the app. You should be able to then register the app with each as it is the combination of the app package name and the signing key fingerprint which is used for the OAuth credentials.
Related
My application has many flavor that has different application id. I want to register these applications to create to Firebase project.
I want to automate below process:
Create android application in Firebase project.
Enable crashlytics for the applitaion.
Download google-service.json of the project.
Firebase Management API seems to be able to first one, but other can't. I try using puppeteer to control Firebase console in browser, but google prevent to log in by automated browser.
Is there any other solution?
To download google-services.json, you can call projects.androidApps.getConfig from the management API.
For the second one, it's currently not possible. Contact Firebase support to file a feature request.
I have integrated Google login in my Android application before one month. Now I am planning to launch another application with different package name. I am trying to implement Google login in this application too.
When I have generated and pasted SHA 1 to google and its giving error like below
Duplicate fingerprint
The fingerprint you specified is already used by an Android OAuth2 client ID in this project or another project
I want know that SHA 1 is same for all project in same machine even We change package name in application ?
What is solution for use Google login in another application ? I am confused because Google ask package name with Google Auth. I have marked that in new package also Google signin working fine but it will cause issue in future ?
Every app has a different SHA key fingerprint. You need to update it for every project that you make.
For Example: If I am updating my app and I create a new project, ill have to add another SHA key to the firebase project under the settings of the app in firebase.
I have generated an app with AWS Mobile Hub. Google Login works fine in the start. But if I give the exactly same codes to the other developer it gives the error below. Or if I refactor the package name Google Login does not work anymore even with my own computer. (With iOS google-login works fine).
I have tried to follow all the instructions but no help. I have also changed the package name for OAuth 2.0 client ID for android (console.developers.google.com).
Error message:
Google failed. Unknown (Service: google-sign-in; Status Code: 503; Error code: 503; Request ID: google-sign-in) packageName Vs applicationID Android AWS Mobile Sign-in with
Here is one solution that did not work with me:
http://mobiledevelopmenttips.blogspot.fi/2016/02/packagename-vs-applicationid-android.html?showComment=1461311778234#c2030693740616382564
Jukka,
Assuming that no other Application ID or package names have changed from your project code, this error is expected with Google Sign-in when using your debug.keystore and sharing project code.
This error occurs when the Signing-certificate fingerprint (SHA-1) of the Client ID for Android from your console.developers.google.com project DOES NOT MATCH the fingerprint of the developers that signed the app. To reproduce your error, modify the Android Client ID SHA-1 fingerprint value in the google dev console and then attempt to sign-in from your current environment.
I would expect a similar error:
com.amazon.mysampleapp E/SignInActivity:User Sign-in failed for Google
: Unknown (Service: google-sign-in; Status Code: 503; Error Code: 503;
Request ID: google-sign-in)
Issue: Each development environment has a unique debug keystore used to sign an apk. Google Sign-in restricts access to only those apps signed by a known SHA-1 signing-certificate you provided when creating the Android Client ID. The other developer has a different fingerprint, signs the apk and fails because his/her fingerprint is not associated with an Android Client ID.
Solution: Create a new Android Client ID associated with your Google Developer Console project that contains the other developers fingerprint (you can have multiple Google Client IDs within a single Google Console Project).
Note: When enabling Google Sign-in feature in your Mobile Hub project, Mobile Hub actually creates an OpenID Connect provider (accounts.google.com) in IAM on your behalf.
Within the provider, Mobile Hub adds the Android Client Id you provided as an "Audience" to the provider. Still with me?
The Android Client ID you provided is not in your generated sample code and is only used to identify the signed app attempting to make API calls directly to Google.
So, to recap the solution:
Create a new Android Client ID (within Google Dev Console) with the other developers fingerprint following the steps outlined in the side panel help documentation within the Mobile Hub console.
Log into AWS IAM Console, select "Identity Providers" > "accounts.google.com" and ADD your newly generated Android Client ID as a new "Audience". If you forget/ignore this step, you'll get status code 400 NotAuthorizedException Incorrect token audience from Cognito when attempting to sign-in.
This will not be an issue with a production app.
When you prepare to release your app on the app store(s), follow Google's suggested steps to generate a NEW final client ID for your production app and then provide that client ID to IAM as an "Audience". Once you sign the apk and release it, all users have the same signed APK and will be able to authenticate via Google Sign-in. https://support.google.com/cloud/answer/6158849?hl=en#android
Finally it started to work when I did these four things:
Created new AWS Mobile Hub project
Created new Google Credentials project and used new ids for Mobile Hub project
Refactored package name in our real application to a new name (I don't mean refactoring from com.mysampleapp package name which had been refactored earlier but we had to decide new package path for our internal use)
e.g like this com.company.myapp -> com.company.myapp2
I put back Guest Login functionality in AWS Mobile Hub
This was the last step to make it work for me but maybe this is not crucial for others who might have similar problems. We have had different options should we allow guest login during the project so that's why it was important to us.
Here's a couple things to check.
Make sure any other developer are registered as test accounts.
https://developers.google.com/games/services/console/testpub#enabling_accounts_for_testing
Make sure you're both running the app in debug mode or you're signing it with the same certificate.
https://developer.android.com/tools/publishing/app-signing.html#studio
If you change the package name, make sure you make that change in the build.gradle file, not just in the AndroidManifest.xml file.
Hopefully, if you check those issues, you'll get things going. Otherwise, I would recommend looking through Google's troubleshooting documentation.
I am trying to follow instructions here:
Verifying Back-End Calls from Android Apps
I'm expanding on the question I asked here:
identifying which android app is making contact with my appengine app
all was going well in my test environment. I had a debug.keystore that my app was using in eclipse, and I even received tokens from my calls to GoogleAuthUtil.getToken(). Then I copied my code to the actual project that it will be used in. I got the keystore (I had saved it from previous publishing on google play) and used it to create a new client ID on the Google APIs Console.
Then I use eclipse to export my project, but after using the right keystore and the associated ID, I am not getting tokens.
Meanwhile I've been trying different things. I had an ID that I made for my app engine app. I used that in the android app and I was given a token. I don't know weather or not that particular token would be cleared when I checked it on my app engine site (I suspect not) but I got a token from it.
I'm kinda assuming that the ID that I'm supposed to use with my android call to GoogleAuthUtil.getToken() is supposed to be from the 'Client ID for installed applications' section (of the Google API page). Is this not so? Only there can you set the application type to 'Android' and the package name to match your application... right?
I assume you're specifying a client_id using the format:
audience:server:client_id:$client_id
This client_id, as the format above tries to hint, is for your home server, in this case the AppEngine app's client_id (a web application client_id). It should verify nicely in AppEngine if you configure your AppEngine app properly.
Again, your Android app asks for a token and names your AppEngine App. You don't need to name your Android app's client_id in the request because the Android platform can recognize your app based on the package name and certificate hash you computed using the keystore tool.
I want to use googleplus API for my Android application.
Can I share my googeplus Client ID and API keys in menifest.xml file without any security being compromised?
Can somebody do some malicious activity using this information?
They could exhaust your API call quota by impersonating your app. Then your app will stop working (either temporarily or permanently if they ban your key). That said, for your app to work, they need to be inside the app, so you have to put them there. You might try to obfuscate them somewhat to make them less obvious.
There's a better way to setup client authentication in Android than using the simple API key. Full instructions are available from the Google+ Platform for Android page. At a high level, the following steps are taken:
Create a client ID for Android using your package name and a signing fingerprint from your Android keystore. This will protect your application because only you can sign your apps.
Use the Google Play Services SDK to perform operations against the Google+ API.
You will not need to authenticate in the same sense that you would for Web applications because your package and its certificate are sufficient to identify your application. For this reason, you will need a unique package per application.