Google Login 不适用于 AWS Mobile Hub 生成的 Android 应用程序

Question

I have generated an app with AWS Mobile Hub. Google Login works fine in the start. But if I give the exactly same codes to the other developer it gives the error below. Or if I refactor the package name Google Login does not work anymore even with my own computer. (With iOS google-login works fine). I have tried to follow all the instructions but no help. I have also changed the package name for OAuth 2.0 client ID for android (console.developers.google.com).

Error message: Google failed. Unknown (Service: google-sign-in; Status Code: 503; Error code: 503; Request ID: google-sign-in) packageName Vs applicationID Android AWS Mobile Sign-in with

Here is one solution that did not work with me: http://mobiledevelopmenttips.blogspot.fi/2016/02/packagename-vs-applicationid-android.html?showComment=1461311778234#c2030693740616382564

Answer 1

Here's a couple things to check.

1. Make sure any other developer are registered as test accounts. https://developers.google.com/games/services/console/testpub#enabling_accounts_for_testing

2. Make sure you're both running the app in debug mode or you're signing it with the same certificate. https://developer.android.com/tools/publishing/app-signing.html#studio

3. If you change the package name, make sure you make that change in the build.gradle file, not just in the AndroidManifest.xml file.

Hopefully, if you check those issues, you'll get things going. Otherwise, I would recommend looking through Google's troubleshooting documentation.

Answer 2

Jukka,

Assuming that no other Application ID or package names have changed from your project code, this error is expected with Google Sign-in when using your debug.keystore and sharing project code.

This error occurs when the Signing-certificate fingerprint (SHA-1) of the Client ID for Android from your console.developers.google.com project DOES NOT MATCH the fingerprint of the developers that signed the app. To reproduce your error, modify the Android Client ID SHA-1 fingerprint value in the google dev console and then attempt to sign-in from your current environment. I would expect a similar error:

com.amazon.mysampleapp E/SignInActivity:User Sign-in failed for Google
: Unknown (Service: google-sign-in; Status Code: 503; Error Code: 503;
Request ID: google-sign-in)

Issue : Each development environment has a unique debug keystore used to sign an apk. Google Sign-in restricts access to only those apps signed by a known SHA-1 signing-certificate you provided when creating the Android Client ID. The other developer has a different fingerprint, signs the apk and fails because his/her fingerprint is not associated with an Android Client ID.

Solution : Create a new Android Client ID associated with your Google Developer Console project that contains the other developers fingerprint (you can have multiple Google Client IDs within a single Google Console Project). Note: When enabling Google Sign-in feature in your Mobile Hub project, Mobile Hub actually creates an OpenID Connect provider (accounts.google.com) in IAM on your behalf. Within the provider, Mobile Hub adds the Android Client Id you provided as an "Audience" to the provider. Still with me?

The Android Client ID you provided is not in your generated sample code and is only used to identify the signed app attempting to make API calls directly to Google.

So, to recap the solution:

1. Create a new Android Client ID (within Google Dev Console) with the other developers fingerprint following the steps outlined in the side panel help documentation within the Mobile Hub console.

2. Log into AWS IAM Console, select "Identity Providers" > "accounts.google.com" and ADD your newly generated Android Client ID as a new "Audience". If you forget/ignore this step, you'll get status code 400 NotAuthorizedException Incorrect token audience from Cognito when attempting to sign-in.

This will not be an issue with a production app. When you prepare to release your app on the app store(s), follow Google's suggested steps to generate a NEW final client ID for your production app and then provide that client ID to IAM as an "Audience". Once you sign the apk and release it, all users have the same signed APK and will be able to authenticate via Google Sign-in. https://support.google.com/cloud/answer/6158849?hl=en#android

Answer 3

Finally it started to work when I did these four things:

1. Created new AWS Mobile Hub project

2. Created new Google Credentials project and used new ids for Mobile Hub project

3. Refactored package name in our real application to a new name (I don't mean refactoring from com.mysampleapp package name which had been refactored earlier but we had to decide new package path for our internal use)

   • eg like this com.company.myapp -> com.company.myapp2

4. I put back Guest Login functionality in AWS Mobile Hub

   • This was the last step to make it work for me but maybe this is not crucial for others who might have similar problems. We have had different options should we allow guest login during the project so that's why it was important to us.