I have created a simple app-engine endpoints api. Now I need to add the client_id and audience information for the android frontend. Following the links, I ended up at Configuring Your Web App Backend to Recognize Your Android Client. But step 2.a of the instructions does not match anything on the Google API Console. After I clicked API Access, the only option I get is to Create an OAuth 2.0 client ID (so there is no Create another client ID). Beyond that point the divergence grows wider. The actual options are product name, Google account, and Product logo. So clearly I am in the wrong tab.
I imagine this is something everyone with an app-engine android app must have gone through. Will someone please help guide me?
The instructions skipped a view steps and renamed a new, but I got there eventually.
Related
I have one query regarding usage of client Id in Google Developers console.
For one project, someone had created one clientId for using Google fit API's for storing fitness data. And I don't have the credentials for account used for creating the Client-id. Also I'm not able to find the client-id anywhere in code.
Now I want to add Google Sign-in using "AppAuth for Android". For which I need to add clientId and redirectUri in code.
My question is, can I create new clientId and redirectUri with any other account using same SHA1 fingerprint and package name? or Do I have to use the same existing client-id? (which doesn't seem to be a possible way)
Edit1:
As #iainmcgin mentioned I tried to create one using the same SHA-1 and package name, but getting below error.
The fingerprint that you specified is already being used by an Android OAuth2 client ID in this project or another project.
Google engineer on the Google Identity Platform team here - we enforce a 1:1 mapping between client IDs and package name + certificate hash, so you can't create another client ID. You'll need to regain access to the project that defined the original client ID; if you are not able to do that, contact me at iainmcgin#google.com with the details of your app and I'll try and put you in touch with people that can verify your ownership of the app and either delete the original client, or give you access to the original project, whichever turns out to be more appropriate.
I'm just getting started with using the Google Drive REST API in an Android app. (I can't use the Google Drive API for Android because the app needs to share files, and perhaps a few other things, that GDAA doesn't support.) I'm stuck on a couple of points.
The first has to do with OAuth2.0 credentials. I went through the Android quick start example and it works fine. I set up a project on my Google developer console and generated an OAuth2.0 client ID and secret and also downloaded the JSON credentials file. However, the quick start example doesn't show how to plug any of this into the app. The only thing I found in the docs that seems relevant is GoogleClientSecrets, but I don't see anything about how to use that in an Android app. (The Java quick start example uses this, but it's not integrated with Android's account manager and doesn't seem right for an Android app.) When I run the Android version of the quick start app, no activity shows up on my developer console, which suggests to me that the app is running in some sort of anonymous mode. As I understand it, that would limit the app to a very low daily quota of transactions.
Second, I noticed that the GDAA and the REST API for JavaScript both have nice file picker APIs. I couldn't find anything similar in the Java/Android API.
So here are my specific questions:
How do I use my app's OAuth2.0 credentials from the developer console in a REST API for Android Java app? I feel like I'm just missing something obvious.
Is there a file picker API for the Google Rest API for Android?
After stepping through the library as I executed the Quickstart example (a painful process, as there is no source code), I discovered the answer. It turns out that you need to specify the client ID in the manifest. Specifically, you needs the following under the <application> tag:
<meta-data
android:name="com.google.app.id"
android:value="app ID from your API console"/>
Once this entry is in the manifest, then when the app uses the Google Drive REST API to interact with Google's servers, the transaction is correctly logged as traffic in your app's console. Without this entry, the app seemed to work in my testing, but no traffic was logged. I seem to recall (from an old Google I/O video) that such "anonymous" apps still work, but have a very low usage quota (something like 10 or 100 queries/day).
For those who are curious, I found this key in the class com.google.android.gms.common.internal.zzz, found in the play-services-basement-10.2.0 library.
Save the client_id.json file downloaded from the Google API console into into your app's src/main/res directory.
I was stuck exactly the same, but after I built my app with the file included the Google API started working.
How do I use my app's OAuth2.0 credentials from the developer console in a REST API
The pages around https://developers.google.com/android/guides/api-client give you all that you need to know. In particular, note the Java Quickstart you were using is for generic Java. The way Google Play Services on Android manage credentials and accounts is very Android-specific.
Is there a file picker API for the Google Rest API for Android?
Not that I know of, but depending on your use case, you might be able to use the GDAA picker. Ultimately, both GDAA and the Java REST API are layers above your Drive storage.
So, I am building an Android module that will be provided to android apps as a Gradle dependency (or AAR package). Eg. Just like Mixpanel, Google Analytics provide their modules to interact with their services, we will be providing our service's SDK to interact easily with our service.
I'll refer our module as SDK and the app in which it is included as Parent App.
For enhances user experience, we would like to fetch an ID_TOKEN of the user using the Parent App. But fetching an ID_TOKEN involves creating a Client ID in cloud.google.com using the SHA1 signature of the build key and the name of the package.
When someone would be including our SDK in their apps (Parent App), we cannot know what the SHA1 signature of their build key is and what the name of their package is.
I was wondering how we can achieve this. Or a better question: Is it something that can be done only if we ask in OUR OWN apps?
Thanks for this.
I assume you are referring to ID token for a Google account (i.e. sign in with Google).
First of all, GoogleAuthUtil.getToken was the legacy way of retrieving an ID token, which won't give you the best user experience. Check out this blog post for details:
http://android-developers.blogspot.com/2016/05/improving-security-and-user-experience.html
You should use Auth.GOOGLE_SIGN_IN_API instead for ID token retrieval:
https://developers.google.com/identity/sign-in/android/backend-auth#send-the-id-token-to-your-server
Second, if it's "Parent App" that requests a token, the app's identity will be "Parent App" to Google's OAuth backend, and you are right, no way you can masquerade the token retrieval as your app. (And it doesn't make sense if you could masquerade as one single app. Assuming you distribute your SDK to 100 apps, user giving OAuth grant to app 1 should not make app 2 auto get the grant).
But as long as you:
Ask your SDK consumers to register with Google:
https://developers.google.com/identity/sign-in/android/start-integrating#get-config
Ask them to share with you their registered client ID for "Web
Application" type and you can help them generate a config file your
SDK is capable of reading.
In your Android SDK / module, you read the config file and use the client id when GoogleSignInOptions.Builder.requestIdToken(CLIENT_ID_FROM_CONFIG_FILE)
On your server, make sure to check ID token's 'audience' is one of
the registered client IDs.
Then it should work.
Hope it helps.
My apologies for asking this question on Stackoverflow, but Google says that this is my only choice. I have a support package from Google in theory, but all attempts to get a PIN yield "Invalid Operation" (a different problem).
I am just trying to use the Google web page instructions to create an Android client Id for secure access to AppEngine Endpoints.
In the following Google instructions, steps 6 and 7 point me to non-existent user choices on the Google Cloud console.
Straight from the web page:
[https://developers.google.com/appengine/docs/java/endpoints/auth#Java_Creating_OAuth_20_client_IDs]
...
Creating an Android client ID
...
Open the Google Cloud Console. [https://cloud.google.com/console]
When your project appears in the projects pulldown menu, select it to make it the active project. [Selected the project from the table of projects]
Click APIs and Auth and select Registered Apps [No such selections exist; tried all links - nothing even close to on topic.]
If your app is not yet registered, select the Register App button. [No such link exists.]
…
I hope Google is listening and can help. My apologies to everyone else. I have no other way to contact Google.
I don't understand what's the issue, as the instruction provided is correct and that's how we generated the client ID for our projects:
I am implementing a sync adapter for my app to sync with an appengine backend. On appengine I am using the built in User api for authentication. There is a post HERE that tells how to do it, however the app is listed under the gmail account. Ideally my app would be listed in the accounts. I don't want to ask the user for username and password, just use the existing google account for authentication. Has anyone done this before??
Update:
I've been working on this and it looks like I could implement the AuthenticationService and store the users account name and leave the password as an empty string. In the getAuthToken() methods I should be able to simple return the google auth token. Will post once I get further along...
Perhaps you have misunderstood the Android account system. When you go to Settings -> Accounts & Sync and add a new account what you see then is a list of account types. Often there is a relationship between account types and apps, for example Facebook accounts are used together with Facebook. Normally you would add a new account type if you have a different backend system for handling authentication etc.
If I understand you correctly, you use Google accounts but want it to appear as your own account type. That sounds wrong to me. You'll end up reimplementing the Google account handling, with little value. I believe it is simpler for users if you simply piggyback on what Google provides you with. Your app / service / content provider can be seen when clicking on the account. For example, after installing "Tasks" by "Team Task" (disclaimer: I'm not affiliated with that company) they add "Sync Tasks" to the list of data & sync options.
But if you really want to create your own account type, follow the sample Sample Sync Adapter. Look for the Authenticator code and related resources (e.g., manifest, activity layout, etc.).
This is indeed possible and I have implemented this with success but be warned it is a bit of a headache.
There is an excellent tutorial available called writing-an-android-sync-provider-part-1
... don't forget to check the follow up in part 2
Beyond this there is also an example in the Android SDK samples called SampleSyncAdapter which was invaluable in my development.
With a little hard work and a lot of coffee you should be able to get this working ;)