I created an application that displays emergency numbers and allows the user to add their own emergency numbers to the list.
I also created a web application project to handle the server part of the app.
I can run it locally, but I need to store it globally on the GAE.
I am aware that I need an application ID, but how do I link my android application to that web application that I have deployed?
Do I need to insert the API key somewhere and switch on any services?
Its not creating my numbers now if I deploy so I know Im doing it wrong. Please please help.
In the Api Console you need to enable the "Google Cloud Messaging For Android" service.
Then, In "API Access" tab, you need to add a Server Key, and an Android Key (actually two android keys - one for debug and one later for the released version - don't forget that!)
Then in the Endpoint classes you need to add the following to the #Api annotation:
clientIds - The Ids of the Android Client Keys
audiences - The "Client ID for web applications"
Which will eventually look like this:
#Api(name = "endpoint_name"
clientIds = {"porject_number-android_debug_key.apps.googleusercontent.com",
"porject_number-android_release_key.apps.googleusercontent.com"},
audiences = {"project_number.apps.googleusercontent.com"})
Above the class declaration.
Related
We are developing an SDK for developers which in core depends on Firebase to get tokens, therefore we are using FirebaseOptions to initialize our firebaseInstance
In the new firebase updates they said: we should provide APP_ID and API_KEY.
Is there any alternative for that as SDK developers?
If not, is there a way to get API_KEY from dashboard instead of download the googel-service.json and extract from it manually?
Both API key and App ID can be found in the Firebase console too.
The API key you need is called Web API Key and can be found in the general gettings screen in the Firebase console.
The App ID can be found when you select a specific app from that general setting screen, and is under the label App ID
I have one query regarding usage of client Id in Google Developers console.
For one project, someone had created one clientId for using Google fit API's for storing fitness data. And I don't have the credentials for account used for creating the Client-id. Also I'm not able to find the client-id anywhere in code.
Now I want to add Google Sign-in using "AppAuth for Android". For which I need to add clientId and redirectUri in code.
My question is, can I create new clientId and redirectUri with any other account using same SHA1 fingerprint and package name? or Do I have to use the same existing client-id? (which doesn't seem to be a possible way)
Edit1:
As #iainmcgin mentioned I tried to create one using the same SHA-1 and package name, but getting below error.
The fingerprint that you specified is already being used by an Android OAuth2 client ID in this project or another project.
Google engineer on the Google Identity Platform team here - we enforce a 1:1 mapping between client IDs and package name + certificate hash, so you can't create another client ID. You'll need to regain access to the project that defined the original client ID; if you are not able to do that, contact me at iainmcgin#google.com with the details of your app and I'll try and put you in touch with people that can verify your ownership of the app and either delete the original client, or give you access to the original project, whichever turns out to be more appropriate.
So, I am building an Android module that will be provided to android apps as a Gradle dependency (or AAR package). Eg. Just like Mixpanel, Google Analytics provide their modules to interact with their services, we will be providing our service's SDK to interact easily with our service.
I'll refer our module as SDK and the app in which it is included as Parent App.
For enhances user experience, we would like to fetch an ID_TOKEN of the user using the Parent App. But fetching an ID_TOKEN involves creating a Client ID in cloud.google.com using the SHA1 signature of the build key and the name of the package.
When someone would be including our SDK in their apps (Parent App), we cannot know what the SHA1 signature of their build key is and what the name of their package is.
I was wondering how we can achieve this. Or a better question: Is it something that can be done only if we ask in OUR OWN apps?
Thanks for this.
I assume you are referring to ID token for a Google account (i.e. sign in with Google).
First of all, GoogleAuthUtil.getToken was the legacy way of retrieving an ID token, which won't give you the best user experience. Check out this blog post for details:
http://android-developers.blogspot.com/2016/05/improving-security-and-user-experience.html
You should use Auth.GOOGLE_SIGN_IN_API instead for ID token retrieval:
https://developers.google.com/identity/sign-in/android/backend-auth#send-the-id-token-to-your-server
Second, if it's "Parent App" that requests a token, the app's identity will be "Parent App" to Google's OAuth backend, and you are right, no way you can masquerade the token retrieval as your app. (And it doesn't make sense if you could masquerade as one single app. Assuming you distribute your SDK to 100 apps, user giving OAuth grant to app 1 should not make app 2 auto get the grant).
But as long as you:
Ask your SDK consumers to register with Google:
https://developers.google.com/identity/sign-in/android/start-integrating#get-config
Ask them to share with you their registered client ID for "Web
Application" type and you can help them generate a config file your
SDK is capable of reading.
In your Android SDK / module, you read the config file and use the client id when GoogleSignInOptions.Builder.requestIdToken(CLIENT_ID_FROM_CONFIG_FILE)
On your server, make sure to check ID token's 'audience' is one of
the registered client IDs.
Then it should work.
Hope it helps.
I am trying to follow instructions here:
Verifying Back-End Calls from Android Apps
I'm expanding on the question I asked here:
identifying which android app is making contact with my appengine app
all was going well in my test environment. I had a debug.keystore that my app was using in eclipse, and I even received tokens from my calls to GoogleAuthUtil.getToken(). Then I copied my code to the actual project that it will be used in. I got the keystore (I had saved it from previous publishing on google play) and used it to create a new client ID on the Google APIs Console.
Then I use eclipse to export my project, but after using the right keystore and the associated ID, I am not getting tokens.
Meanwhile I've been trying different things. I had an ID that I made for my app engine app. I used that in the android app and I was given a token. I don't know weather or not that particular token would be cleared when I checked it on my app engine site (I suspect not) but I got a token from it.
I'm kinda assuming that the ID that I'm supposed to use with my android call to GoogleAuthUtil.getToken() is supposed to be from the 'Client ID for installed applications' section (of the Google API page). Is this not so? Only there can you set the application type to 'Android' and the package name to match your application... right?
I assume you're specifying a client_id using the format:
audience:server:client_id:$client_id
This client_id, as the format above tries to hint, is for your home server, in this case the AppEngine app's client_id (a web application client_id). It should verify nicely in AppEngine if you configure your AppEngine app properly.
Again, your Android app asks for a token and names your AppEngine App. You don't need to name your Android app's client_id in the request because the Android platform can recognize your app based on the package name and certificate hash you computed using the keystore tool.
I want to use googleplus API for my Android application.
Can I share my googeplus Client ID and API keys in menifest.xml file without any security being compromised?
Can somebody do some malicious activity using this information?
They could exhaust your API call quota by impersonating your app. Then your app will stop working (either temporarily or permanently if they ban your key). That said, for your app to work, they need to be inside the app, so you have to put them there. You might try to obfuscate them somewhat to make them less obvious.
There's a better way to setup client authentication in Android than using the simple API key. Full instructions are available from the Google+ Platform for Android page. At a high level, the following steps are taken:
Create a client ID for Android using your package name and a signing fingerprint from your Android keystore. This will protect your application because only you can sign your apps.
Use the Google Play Services SDK to perform operations against the Google+ API.
You will not need to authenticate in the same sense that you would for Web applications because your package and its certificate are sufficient to identify your application. For this reason, you will need a unique package per application.