I have followed the HelloEndpoints tutorial by Google where I've implemented the backend API in Java and an Android client, where I'm getting this error from. https://cloud.google.com/appengine/docs/java/endpoints/getstarted/clients/android/
I've deployed the Android app client on a physical device. When I launch the app and touch the "Sign in" button, a dialog is shown since I have two Google accounts on the phone. I choose one and then the correct email address is shown for a couple of seconds in the label before it disappears. Then I'm getting the authentication error.
Several suggested solutions are mentioned at Stackoverflow and other sites , but nothing I've tried so far has helped.
I have tried to:
Regenerate the client-id, they are the same on both client- and server side (web client id)
The android id have the correct package name at the end of the SHA1
Regenerate client libs
Update devserver (but the API is also deployed)
Shutdown on the web service from the Google Developer Console
I've set a project name and email at the so called Consent screen on the API console.
Checked so that I'm signing the app with the same debug.keystore that I used when I generated the SHA1. It is used when I build the release.
Kind regards,
Ramon
I finally solved the problem yesterday :)
On Google Developer Console, I realized that I had an Android key for Public API access, but no Android Client ID for OAuth. The only Client ID I had for OAuth was for web applications.
After I've created one for Android apps, the authentication exception were gone.
Thereafter I got another exception when I tried to invoke the method requiring the authentication. When I checked the log on Google Developer Console, the invocation wasn't even logged! Which made me think that the invocation of the method isn't correct.
When I tried to invoke the method from the web it worked. I then checked my terminal and there I saw the example#example.com mail address. So, the invocation from the Android client was sent to my local devserver even though I had the web service deployed (and the servers ip-address wasn't set in the Android code).
My next step was to shutdown the local devserver and then I re-deployed the backend API before I tested the Android client again.
Finally after these two changes I can invoke the authenticated method and get a correct response :)
Related
I'm using a Google Client Library to verify a token that is returned using Single Tap Sign In (google-api-client-1.32.2). I need to setup a proxy on my device in order to test my Android app locally. This works for a Pixel 2 device running Android 11. But it doesn't work if on a Nexus 6P running Android 8.
It is clear that the proxy is preventing the authentication from succeeding because if I disable the proxy, it works. I tried adding the domain googleapis.com to the list of domains that the proxy will ignore but that didn't help. It is possible that some other domain is also being used for authentication other than googleapis.com.
I use Charles as my proxy, but it doesn't show any domain other than googleapis.com.
Is there anything else I can try?
There was nothing wrong with the code, the proxy or anything else. This problem is the result of the same crap that has been happening for years with Android. If the app is already installed on a different device and you clear the app's cache before running the app, you are mistaken to believe that the app's setting are all cleared. Android stores the settings in the cloud in your Google Drive under the device's backup. So when you clear the cache or even reinstall the app, Android retrieves the app's settings from the backup. As a result, the JWT token that get created when you peform a sign-in use API keys that are part of the backup. But if the API keys have changed in the updated app, they will be overwritten by the backup keys.
The solution is to delete the device's backup in Google Drive. I seriously believe that this feature of storing device settings in the Cloud is one of the dumbest things I've encountered. This is not the first time this has happened.
I am trying to use phone auth from firebase and I get this error now.
Unable to process request due to missing initial state. This may happen if browser session storage is inaccessible or accidentally cleared.
This was working a week ago and no longer works.
I have solved this by registering my app with SafetyNet with SHA2. To do this follow these steps:
Get your SHA2. If you don't know how to get this, follow this tutorial:
https://www.youtube.com/watch?v=kLaNnuoqnmA
Note. This youtube link is for SHA1 but you will notice that SHA2 will be shown here if you pay attention.
Go to your Firebase Console then, go to Project Settings > App Check. You will notice your app is "Unregistered." click this to register your app.
Enter the SHA2 you copied and Accept some terms below then click Save. you will notice the "Registered" with green check icon.
Btw, this error happens on one of my devices but not on another. I also searched through this error and no one has solved this including this page. This happens in my phone authentication using firebase when getting an OTP as I send my phone number. The app tries to redirect you to a browser for Recaptcha for verification if you don't have SafetyNet. Thus, having no SafetyNet will cause your app to always be redirected for Recaptcha which sometimes causes an error. Thus, to solve this, register your app with Safety Net. to understand this, read this documentation.
https://firebase.google.com/docs/auth/android/phone-auth?authuser=0
Focus on 2. Enable App Verification and you will notice that recaptcha is just an alternative for SafetyNet.
It had on the Ionic/Angular/Capacitor app too. i.e. Android and Chrome. Firebase Auth with Microsoft Login.
So I have cleared all the chrome browser data on the Android device and then no issues. i.e. working fine now.
More workarounds: https://github.com/firebase/firebase-js-sdk/issues/4256
I experienced the issue with an iphone web app. I went into Settings -> Safari and disabled 'Prevent Cross-Site Tracking'.
I have generated an app with AWS Mobile Hub. Google Login works fine in the start. But if I give the exactly same codes to the other developer it gives the error below. Or if I refactor the package name Google Login does not work anymore even with my own computer. (With iOS google-login works fine).
I have tried to follow all the instructions but no help. I have also changed the package name for OAuth 2.0 client ID for android (console.developers.google.com).
Error message:
Google failed. Unknown (Service: google-sign-in; Status Code: 503; Error code: 503; Request ID: google-sign-in) packageName Vs applicationID Android AWS Mobile Sign-in with
Here is one solution that did not work with me:
http://mobiledevelopmenttips.blogspot.fi/2016/02/packagename-vs-applicationid-android.html?showComment=1461311778234#c2030693740616382564
Jukka,
Assuming that no other Application ID or package names have changed from your project code, this error is expected with Google Sign-in when using your debug.keystore and sharing project code.
This error occurs when the Signing-certificate fingerprint (SHA-1) of the Client ID for Android from your console.developers.google.com project DOES NOT MATCH the fingerprint of the developers that signed the app. To reproduce your error, modify the Android Client ID SHA-1 fingerprint value in the google dev console and then attempt to sign-in from your current environment.
I would expect a similar error:
com.amazon.mysampleapp E/SignInActivity:User Sign-in failed for Google
: Unknown (Service: google-sign-in; Status Code: 503; Error Code: 503;
Request ID: google-sign-in)
Issue: Each development environment has a unique debug keystore used to sign an apk. Google Sign-in restricts access to only those apps signed by a known SHA-1 signing-certificate you provided when creating the Android Client ID. The other developer has a different fingerprint, signs the apk and fails because his/her fingerprint is not associated with an Android Client ID.
Solution: Create a new Android Client ID associated with your Google Developer Console project that contains the other developers fingerprint (you can have multiple Google Client IDs within a single Google Console Project).
Note: When enabling Google Sign-in feature in your Mobile Hub project, Mobile Hub actually creates an OpenID Connect provider (accounts.google.com) in IAM on your behalf.
Within the provider, Mobile Hub adds the Android Client Id you provided as an "Audience" to the provider. Still with me?
The Android Client ID you provided is not in your generated sample code and is only used to identify the signed app attempting to make API calls directly to Google.
So, to recap the solution:
Create a new Android Client ID (within Google Dev Console) with the other developers fingerprint following the steps outlined in the side panel help documentation within the Mobile Hub console.
Log into AWS IAM Console, select "Identity Providers" > "accounts.google.com" and ADD your newly generated Android Client ID as a new "Audience". If you forget/ignore this step, you'll get status code 400 NotAuthorizedException Incorrect token audience from Cognito when attempting to sign-in.
This will not be an issue with a production app.
When you prepare to release your app on the app store(s), follow Google's suggested steps to generate a NEW final client ID for your production app and then provide that client ID to IAM as an "Audience". Once you sign the apk and release it, all users have the same signed APK and will be able to authenticate via Google Sign-in. https://support.google.com/cloud/answer/6158849?hl=en#android
Finally it started to work when I did these four things:
Created new AWS Mobile Hub project
Created new Google Credentials project and used new ids for Mobile Hub project
Refactored package name in our real application to a new name (I don't mean refactoring from com.mysampleapp package name which had been refactored earlier but we had to decide new package path for our internal use)
e.g like this com.company.myapp -> com.company.myapp2
I put back Guest Login functionality in AWS Mobile Hub
This was the last step to make it work for me but maybe this is not crucial for others who might have similar problems. We have had different options should we allow guest login during the project so that's why it was important to us.
Here's a couple things to check.
Make sure any other developer are registered as test accounts.
https://developers.google.com/games/services/console/testpub#enabling_accounts_for_testing
Make sure you're both running the app in debug mode or you're signing it with the same certificate.
https://developer.android.com/tools/publishing/app-signing.html#studio
If you change the package name, make sure you make that change in the build.gradle file, not just in the AndroidManifest.xml file.
Hopefully, if you check those issues, you'll get things going. Otherwise, I would recommend looking through Google's troubleshooting documentation.
I'm trying to implement Google Play Services following Google's documentation and I'm seeing the following when I try to connect my GameClient:
E/Volley: [4953] il.a: Unexpected response code 401 for https://www.googleapis.com/games/v1/players/me
E/Volley: [4953] il.a: Unexpected response code 401 for https://www.googleapis.com/games/v1/players/me
E/SignInIntentService: There is no linked app associated with this client ID.
I've checked that the SHA1 fingerprint of the certificate signing the APK, the SHA1 of the debug certificate, and the SHA1 given to the Google API do match up and they do. I've checked that the app id is declared in the manifest in the application item (I've taken in my case the 13 digit numerical id, not one that also includes a package). I've also checked that the test accounts I'm using are each listed in the Developer Console and they are; they're each #gmail.com too, and they include my developer address. They've each activated Google Plus.
I've tried this from an API 16 S3 device and an API 17 Google API simulator. The app's package name is correctly declared in the manifest, on the developer console and matches the API package name. The app is listed as a client of the game service, and is shown as 'ready for testing'.
In short I'm struggling to see what my mistake can be and what I've missed. I think I have everything from Google's troubleshooting addressed too. I've looked at the main questions here on StackOverflow, and they're covered. Whatever it is I'm missing is probably staring me full in the face. What can I be missing?
I got stuck on this problem for a long time until I realised that I had two strings in my app called "app_id". One from the Facebook SDK and one from Google. I renamed the Google app_id (and changed the corresponding manifest reference) and all was well.
It is POSSIBLE that you have a similar problem. If you can't see the error then I would try to write out the app_id to syslog to confirm that this is not the cause of the problem.
Incidentally, all my Google app_id s (client ids) are 12 bytes not 13, so perhaps you should start by checking that.
Good Luck !
Even after redoing everything, everything, I still encountered the same problem. However, I subsequently encountered a "This package is already in use" error message on Google API even though I had undeleted all projects and removed all clients before deleting these again.
This turned out to be a blessing: The solution to this was to recreate my debug key before adding the new fingerprint to Google API in another new client id.
And lo... my original problem went away.
I hade the same problem and for me it worked to re-link the app in Game services -> Linked apps -> Link another app.
You didn't explicitly state that the gmail accounts you're testing with are added as Google Plus users in a Google Plus community that is configured as the testing community for your app -OR- that you're using a google group as the testing community and those gmail accounts are part of that community.
If you have done those things, then it might be the issue stated here:
https://code.google.com/p/google-plus-platform/issues/detail?id=554
This answer might sound encouraging to solve your problem, but don't get your hopes up. I've done all that the original poster did, plus the things above, and I'm still stuck.
I've even followed all of the tips stated here:
Google Play Game Services - unable to sign in
And it would appear the depths of the chasm that Google lets you fall into regarding GPS is far deeper than the depths I've plumbed. Joy.
I had the same problem ,I am not sure that the following action is the one that resolved the problem but its worth the try,
Seems that I didnt had the Drive API enabled ,I had it in the enabled apis but i had to actually click the gear icon next to it and then click enable and provide the application name.
Just link the same package as many times as you have Client ID's in your Developer Console "Debug & Release Client ID's"
The thing is if you link your app to the Game Services with the wrong SHA1 fingerprint, Games Services will pick it up and associate it as the main Client ID.
Once you link the same app again to your Game Services, it will automatically pick up the other Client ID's
I had exactly the same problem, and in my case, I fixed it regenerating the API Key from the Google APIs Console. Go to Credentials, select your API key and then click on "Regenerate Key". You don't need to update anything in your code or link more apps, just regenerate and it starts working magically.
I implemented http://android-developers.blogspot.fi/2013/01/verifying-back-end-calls-from-android.html in my android application. I added a client id for the application in our development version of the google api project and made the android application ask for id_token
idToken = GoogleAuthUtil.getToken(AuthenticatorActivity.this, accountName, "audience:server:client_id:1234567890.apps.googleusercontent.com");
and all this worked quite near perfectly. Then I wanted to test if it works in production. I added a client id to the production version google api project, used it in code and rebuilt the production version app. Since then I have always gotten
GLS error: INVALID_AUDIENCE <Removed>#gmail.com audience:server:client_id:1234567890.apps.googleusercontent.com
as a response and a GoogleAuthException with the same message.
I have tried to remove and recreate the client id's one at a time (So I tested with just the development client_id and unmodified code from yesterday, same result.), I have checked that I really used correct SHA1's when creating the client id's and I have rebuilt both versions of the app and tested with multiple devices and google accounts.
Did I break the google api projects server by adding a client_id with the same android package name to both projects, or is there just something I have simply overlooked?
Edit: It seems I really broke something, as creating a new client id in a third project enables me to get the id_token again without changes to the code.
There was a bug (since fixed) with Google's handling of newly created client_ids (it didn't affect live apps, only apps just newly registered). Have you tried again in the last few days?