I'm trying to set up an app which uses Google Smartlock feature to fetch credentials stored in Google's password manager and automatically log in. For this, I have set up a test website, where an user can login (while browsing in Google Chrome), and if she chooses to save the password for the site, it'll be saved in Google's password manager. The sample app that I have should be able to automatically fetch the stored credentials and use them to log in to the app content page.
I have followed the documentation thoroughly.
Here's the Digital Assets file hosted at the website root :
[{
"relation": ["delegate_permission/common.get_login_creds"],
"target": {
"namespace": "web",
"site": "https://officeloginsso.azurewebsites.net"
}
},
{
"relation": ["delegate_permission/common.get_login_creds"],
"target": {
"namespace": "android_app",
"package_name": "com.mslogin.t_sopal.msloginsso",
"sha256_cert_fingerprints": [
"XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX"
]
}
},{
"relation": ["delegate_permission/common.get_login_creds"],
"target": {
"namespace": "android_app",
"package_name": "com.login.codelab.sopalsmartlock",
"sha256_cert_fingerprints": [
"XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX"
]
}
}]
The Manifest file snippet that includes the link to the json file :
<application>
<meta-data android:name="asset_statements" android:resource="#string/asset_statements" />
</application>
Strings.xml :
<string name="asset_statements" translatable="false">
[{
\"include\": \"https://officeloginsso.azurewebsites.net/.well-known/assetlinks.json\"
}]
</string>
The app has been published (with regional restriction) and the json file has been hosted, which returns response :
HTTP/1.1 200 OK
Content-Type: application/json
Despite having done these, the app still can't pick up the username/password stored through the website. Is there something I am missing here?
Per discussions in the comments, the resolution was to ensure that the asset links file matches the package and signature of a published Play Store app and that the apk being tested is signed with the same certificate as the published app (i.e., not signed from a debug / development keystore). You can use an alpha/beta channel if you want to test before releasing to a production channel.
In general, here are the things to check (some mentioned in the question):
ensure your asset links file is valid json containing both app (the Play Store package and cert fingerprint) and any associated sign-in domains (desktop, mobile web, regional domains, etc. each of which needs it's own assetlinks.json at the well-known location, but may point to a canonical copy) without a path component (e.g. no trailing slash)
check (e.g. with curl -I) that the file is served with an HTTP 200 (no redirects) from the well-known location (must be available at exactly /.well-known/assetlinks.json) with "Content-Type: application/json" header and is accessible to bots/crawlers
verify that asset_statements in the app manifest is under application and is valid escaped json and points to the asset links file in the well-known https location. The app need to be published before we can detect this, but you can use an alpha/beta channel for testing, so long as that apk has the latest version code
Once these requirements are met and the app is published in the Play Store, the association will be enabled automatically with 1-2 business days. Details of these requirements are available at https://developers.google.com/identity/smartlock-passwords/android/associate-apps-and-sites
Since you have defined the assetlinks.json in this path
https://officeloginsso.azurewebsites.net/.well-known/assetlinks.json
is very important to define into your robots.txt file this lines:
User-agent: *
Allow: /.well-known/
to allow GoogleBot access to your file:
https://officeloginsso.azurewebsites.net/.well-known/assetlinks.json
read about robots.txt.
To integrate Smart Lock for Passwords into your Android app, you must add calls to the Credentials API to your app's start-up and sign-in flow.
To retrieve credentials:
When the app starts, if no user is already signed in, call CredentialsApi.request().
If getStatus().isSuccess() returns true, get the user's credentials with getCredential() and use them to sign in.
If getStatus().isSuccess() returns false and getStatusCode() returns RESOLUTION_REQUIRED, user input is required to pick a credential. Call startResolutionForResult() to prompt the user to select a saved account, then call getParcelableExtra(Credential.EXTRA_KEY) to get the user's credentials and use them to sign in.
Note: If signing in with the retrieved credentials fails because the password is incorrect or the account doesn't exist, delete the credentials from Smart Lock.
This document shows how to integrate Smart Lock for Passwords into your Android app.
Related
I am trying to implement Android Management API in my project where the first step is to create an enterprise:
Post the Callbackurl and ProjectID to the Following URL
https://androidmanagement.googleapis.com/v1/signupUrls
I get the response name and url:
{
"name": "signupUrls/C265d41bc093bdd97",
"url": "https://play.google.com/work/adminsignup?token=someToken"
}
How can I Change this "url" parameter to my own. Do I require to upload my DPC to playstore?
I am out of guesses. please help
Thanks in advance.
The flow is this:
1) Create a Project in Google developer console, enable Android Management API, create credentials and get the project id. (I think you already done that).
2) Create a SignupUrl with signupUrls.create. (What you have done to get that JSON)
3) Keep the SignupUrl Name and redirect the user (or go) to the returned URL (inside the JSON posted).
3) Follow the procedure to create an enterprise.
This will start the creation of an enterprise to the signed Google Account.
4) At the end of the procedure you will be redirected to the callbackUrl specified inside signupUrls.create. Appended to the callbackUrl, as a GET query parameter, will be a token.
5) You must use the appended token to conclude the flow calling the API enterprises.create with these parameters:
The signup url name
The enterprise token returned as parameter
(optional) a request body with some enterprise parameters (logo, name, etc)
At the end of this coming and going between URLs and API calls, you will end with an Enterprise created on the Google Account and the enterprise ID in the form enterprise/<yourID> to interact with the API.
You can check all the Enterprise infos at the created Google Play for Work (or Managed Google Play) at http://play.google.com/work . Left menu "Administration Settings" at check your enterpriseId.
I've trying to send invitations with Firebase Invites. When select an email from a contact, Firebase says that has sent the invitation, but the email is never received.
On the console the SHA1 certicates are configurated.
The errorcode returned is always RESULT_OK and the number of invitations returned from AppInviteInvitation.getInvitationIds is correct.
The SDK is updated on gradle with the latest version, 10.0.1, like explained on the documentation.
The code that creates the invitation is:
Intent intent = new AppInviteInvitation.IntentBuilder(title)
.setMessage(msg)
.setCallToActionText(callToActionText)
.setOtherPlatformsTargetApplication(AppInviteInvitation.IntentBuilder.PlatformMode.PROJECT_PLATFORM_IOS, IOS_CLIENT_ID)
.build();
Any ideas?
I had the same problem and I managed to fix it, although I am not pretty sure what step actually helped.
It's worth specifying that in my case the email was perfectly sent when I removed the method call:
.setOtherPlatformsTargetApplication(...)
The following steps were applied:
All fields were filled on Firebase console for Android and iOS project settings (including App ID Prefix and App Store ID).
SHA-256 hashes (from debug and release keystore) were added for Firebase Android project settings:
keytool -exportcert -keystore path-to-debug-or-production-keystore -list -v
Updated google-services.json was downloaded from Firebase Android project settings and added to the application root (with GoogleServicesJson Build Action for Xamarin). So the file among others contains the following:
...
"appinvite_service": {
"status": 2,
"other_platform_oauth_client": [
{
"client_id": "1234567890-specified_ios_client_id.apps.googleusercontent.com",
"client_type": 2,
"ios_info": {
"bundle_id": "ios.app.bundle.id",
"app_store_id": "9876543210"
}
},
...
]
}
...
The specified client_id is the same in .setOtherPlatformsTargetApplication(...) method call and in google-services.json
Also Firebase Invites had been previously adjusted for the iOS project, but I don't see if it could help for the Android anyhow.
Removing .setOtherPlatformsTargetApplication(...) allowed Android to send invitations again.
When invitations are received on iOS though, they work correctly opening link with:
Gmail or Mail with app installed (opens app correctly)
They do not work properly:
Link reading email in Safari with app not installed, goes to google
play store
Link in Gmail or Mail app, with app not installed, goes to google play store
I have enabled YouTube data API and Google+ API for my project and change the Android API Key in Auth.java I also entered my playlist info into Constants.java. However I still get this unhelpful error:
com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden
{
"code": 403,
"errors": [
{
"domain": "usageLimits",
"message": "Access Not Configured. YouTube Data API has not been used in project 608941808256 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/youtube/overview?project=608941808256 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.",
"reason": "accessNotConfigured",
"extendedHelp": "https://console.developers.google.com/apis/api/youtube/overview?project=608941808256"
}
],
"message": "Access Not Configured. YouTube Data API has not been used in project 608941808256 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/youtube/overview?project=608941808256 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry."
}
can some one help me please
We had the same issue. We resolved it by starting from scratch and creating a brand new API project. For some reason the existing API project didn't work. Steps to check if you have this issue:
Create a new project in the API console (click the project dropdown at the top of the window, and choose "New project").
Enable the APIs required (e.g. YouTube Data).
Go to credentials->Domain verification and enter your domain.
Fill in the OAuth consent screen, and make the "application name" the same as your project name. Also choose the scopes you will be using, add your domain, save it, and submit for verification.
Create credentials of type "OAuth2 client key->Web application" and enter the correct callback uri.
Wait a few hours.
You should now be able to test in the APIs explorer (enter your own client key).
I had the same problem here.
Besides enabling the Google+ API and the Contacts API I have also to create a new OAuth Client Key for Web applications.
When you create it you'll see that the client id will start with the Project Id that you have on the error message.
In summary you'll have to do as follow:
Create an OAuth Client Key with type web application
And the Client Id to you API
Then you should be able to authenticate.
Hope I could help.
I Solved this problem by creating a new project and then creating new credentials
I'm trying to use the "Google Identity Toolkit" with the "tutorial" android demo app, but now I get this error:
{
"error": {
"errors": [
{
"domain": "usageLimits",
"reason": "ipRefererBlocked",
"message": "There is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your API key configuration if request from this IP or referer should be allowed.",
"extendedHelp": "https://console.developers.google.com"
}
],
"code": 403,
"message": "There is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your API key configuration if request from this IP or referer should be allowed."
}
}
Any Idea? In the Google console I need allow some thing? Where?
OAuth 2.0 client IDs:
Android,
Web application
And on Identity Toolkit API console, it allow I select "Web application" client ID in Google provider.
And I have set up this in my "tutorial" app
This error is usually caused when you are trying to run the code on a URL you didn't add to the referrer URLs in the console.
To fix this go to the Google Developer Console, then under API Manager click credentials and find your browser key. On this page you can add any URLs that will be using that key.
Remember it treats www. differently, so to cover all possible pages you could do this:
.domain.com/
domain.com/*
I figured out today that there is a bug when you create a new Android API key. You will have probably noticed that there was also a Browser API key that was generated when you created the Android API key. My Browser API key had no name, and was therefore not configurable. However, I performed a bit of URL manipulation magic to be able to access and edit my Browser API key. Here's what I did:
1) Click on the name of the Android API key
2) Edit the URL right before the ? such that the number before the ? matches the (0-based) index of the position of your Browser API key. That is, if your browser api key appears second in your list of two API keys, then your Android API key would have been first, at position 0. Therefore the URL would read something like this:
.../key/0?...
So now you want to change it to look like this:
.../key/1?...
3) From here you should be able to change your allowed referrers to
http://yourdomain.com/*
Then, so long as you have your keys set up properly everything should work as expected! Also, note that after you do this once you will then have a name for your browser key, and it will be easily editable in the future!
Best of luck!
You will need to...
Create an Android API Key
Set the package name and SHA-1 of your signing key file(see gitkit guide on how to do that)
Use that API Key for the identitytoolkit.api_key value
Is it possible to view and create an index on the Google Cloud Datastore for my project, using the Google Developer Console?
If not, how can I create one via another route?
Some context: I am writing a simple Android app to store/retrieve data from the cloud datastore by customising the "Mobile Backend Starter / MBS" (that backend we are always invited to deploy when creating a new project in the dev console).
I am now at the point where the queries / filters I am specifying in my Android client are returning a "503" error stating that an index is required. I think this is because I am using a "greater than" filter in my query.
So how can I add one? Or do I have to edit the backend deployment package to do this? If so, then how can I do this e.g. view the folder MBS backend got deployed to? I had assumed MBS was a zero configuration backend - we just need to write the client, but it seems even basic query ops need an index adding so this isn't the case? I am being suggested to add an xml fragment somewhere in the IOException thrown by the list() call I'm making to CloudBackend:
com.google.api.client.googleapis.json.GoogleJsonResponseException: 503 Service Unavailable
{
"code": 503,
"errors": [
{
"domain": "global",
"message": "com.google.appengine.api.datastore.DatastoreNeedIndexException: no matching index found.\nThe suggested index for this query is:\n <datastore-index kind=\"DB\" ancestor=\"false\" source=\"manual\">\n <property name=\"_createdBy\" direction=\"asc\"/>\n <property name=\"originatingDeviceID\" direction=\"asc\"/>\n <property name=\"LastUpdatedOn\" direction=\"asc\"/>\n </datastore-index>\n\n",
"reason": "backendError"
}
... SNIP
Typically, most indexes are auto-generated when you test your application. In case it did not happen, you need to manually configure the datastore-indexes.xml file. You can read more about it at Java Datastore Index Configuration.
Thanks all for your input - for future reference here is the solution for users like me who just deploy the MBS and haven't/don't want to interact with the server-side code which should be just deploy and go.
First you download the currently deployed backend via the Google App Engine SDK tool:
appcfg.cmd --application=my-project-name download_app .
Then in WEB-INF/datastore-indexes.xml we see the auto generation of the index has been disabled in the vanilla MBS configuration.
<?xml version="1.0" encoding="utf-8"?>
<datastore-indexes autoGenerate="false">
<datastore-index kind="_CloudMessages" ancestor="false">
<property name="topicId" direction="asc"/>
<property name="_createdAt" direction="desc"/>
</datastore-index>
</datastore-indexes>
which is why my index was not getting built. You then paste in the recommended index which fortunately is included in the Java IOException message body, and upload it back to Google via:
appcfg.cmd --application=my-project-name update_indexes .
It would have been super-useful for Google Console to have some dashboard capability to manage indexes much as it has to add/delete/edit Entities, but it seems you can only inspect them.