CODEWITHSUNDEEP
androidpythongoogle-app-enginegoogle-oauthgoogle-cloud-endpoints
plspl
plspl

Reputation: 728

GLS error: INVALID_AUDIENCE in google cloud endpoints

I am trying to get an google endpoints to work.I created an endpoint service and was able to test that its working fine through Google API exploer. I then generated the android client and tryied to call my endpoint service. I see this error in the log,

04-05 08:48:20.547: I/GLSUser(13505): GLS error: INVALID_AUDIENCE [email protected] audience:server:client_id:334082396285-hfn3t2g5pg0gv8fshf22kaadq9fs23e2.apps.googleusercontent.com

Here is my android java code to build the credential i.e used to access my service,

AUDIENCE = "server:client_id:334082396285-hfn3t2g5pg0gv8fshf22kaadq9fs23e2.apps.googleusercontent.com";
credential = GoogleAccountCredential.usingAudience(this, AUDIENCE);
            setAccountName(settings.getString(PREF_ACCOUNT_NAME, null));

It looks like there is some mismatch in client_id. Here is what I did,

1) Created 2 client_ids in Google APIs console in one API project, a) WEB_CLIENT_ID = I created a client_id for web applications with Redirect URIs = None & JavaScript origins = None. b) ANDROID_CLIENT_ID = Created a client_id for android app with package name & sha1 certificate fingerprint.

2) Then used these in my endpoint service in python,

@endpoints.api(name='devices',
               version='v1',
               description='Service to register devices',
               allowed_client_ids=[ANDROID_CLIENT_ID,WEB_CLIENT_ID,endpoints.API_EXPLORER_CLIENT_ID],
               audiences = [WEB_CLIENT_ID])

Complete log

04-05 08:48:20.397: D/overlay(159): Set pipe=RGB1 dpy=0; Set pipe=VG0 dpy=0; 
04-05 08:48:20.547: W/GLSUser(13505): Status from wire: INVALID_AUDIENCE status: null
04-05 08:48:20.547: W/GLSUser(13505): Status from wire: INVALID_AUDIENCE status: null
04-05 08:48:20.547: I/GLSUser(13505): GLS error: INVALID_AUDIENCE [email protected] audience:server:client_id:334082396285-hfn3t2g5pg0gv8fshf22kaadq9fs23e2.apps.googleusercontent.com
04-05 08:48:20.547: W/GLSUser(13505): Status from wire: Unknown status: UNKNOWN
04-05 08:48:20.547: W/System.err(31908): com.google.api.client.googleapis.extensions.android.gms.auth.GoogleAuthIOException
04-05 08:48:20.547: W/System.err(31908):    at com.google.api.client.googleapis.extensions.android.gms.auth.GoogleAccountCredential$RequestHandler.intercept(GoogleAccountCredential.java:224)
04-05 08:48:20.547: W/System.err(31908):    at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:836)
04-05 08:48:20.547: W/System.err(31908):    at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:412)
04-05 08:48:20.557: W/System.err(31908):    at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:345)
04-05 08:48:20.557: W/System.err(31908):    at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:463)
04-05 08:48:20.557: W/System.err(31908):    at com.package.appname.SetupActivity$SendResultToServerTask.doInBackground(SetupActivity.java:174)
04-05 08:48:20.557: W/System.err(31908):    at com.package.appname.SetupActivity$SendResultToServerTask.doInBackground(SetupActivity.java:1)
04-05 08:48:20.557: W/System.err(31908):    at android.os.AsyncTask$2.call(AsyncTask.java:287)
04-05 08:48:20.557: W/System.err(31908):    at java.util.concurrent.FutureTask.run(FutureTask.java:234)
04-05 08:48:20.557: W/System.err(31908):    at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:230)
04-05 08:48:20.557: W/System.err(31908):    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1080)
04-05 08:48:20.557: W/System.err(31908):    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:573)
04-05 08:48:20.557: W/System.err(31908):    at java.lang.Thread.run(Thread.java:856)
04-05 08:48:20.557: W/System.err(31908): Caused by: com.google.android.gms.auth.GoogleAuthException: Unknown
04-05 08:48:20.557: W/System.err(31908):    at com.google.android.gms.auth.GoogleAuthUtil.getToken(Unknown Source)
04-05 08:48:20.557: W/System.err(31908):    at com.google.android.gms.auth.GoogleAuthUtil.getToken(Unknown Source)

Have already seen similar threads and they didn't help, Google Api and android Oauth INVALID_AUDIENCE error

Upvotes: 5

Views: 7348

Answers (5)

marmor
marmor

Reputation: 28199

Happened to one on my team although it worked ok on my device. It turned out to be because of a different debug.keystore on our eclipse installations.

To solve it we've copied the company's debug.keystore file to ~/.android/ (this is the dir on a mac, it's different on linux and windows)

Upvotes: 2

William
William

Reputation: 20196

You will get this error if the ANDROID_CLIENT_ID that you annotate @Api#clientIds with has a different Android package name than that of the Android client.

Eg 

@Api(
    name = "yourFirstService",
    version = "v1",
    namespace = @ApiNamespace(ownerDomain = "myorg.org", ownerName = "My Org", packagePath = "firstservice" ),
    scopes = {Constant.API_EMAIL_SCOPE},
    clientIds = {Constants.ANDROID_CLIENT_ID, Constant.API_EXPLORER_CLIENT_ID},
    audiences = {Constants.ANDROID_AUDIENCE}
)
public class YourFirstAPI { 
  ...
}

The point of interest is the clientId attribute. The ANDROID_CLIENT_ID there needs to

  1. Match the clientId in your Cloud Console->APIS & Auth->Credentials->Client ID for Android application.
  2. The package name of that clientId needs to be the same as the Android app you are using as a client.

Upvotes: 3

wemens
wemens

Reputation: 21

This issue occurred for me when I created a new development environment on another system. I installed Android Studio on the new system and copied the code over. The same code that worked on my old system did not work on the new, with INVALID_AUDIENCE. After trying several things, what finally worked was copying the debug.keystore file from my old system to the new. On Windows the file is located in %USERPROFILE%.android. This makes sense since the debug.keystore is generated by Android Studio at installation specifically for that computer. The debug.keystore has an expiration date (365 days I heard) so this could also be the cause. So the real solution for me was to regenerate the debug.keystore file on the new system. Deleting the debug.keystore file and restarting Android Studio will regenerate the file. Then run keytool to get the SHA1 Certificate fingerprint. Then go to http://console.developers.google.com to create a new client ID with the fingerprint.

Upvotes: 2

Charlires
Charlires

Reputation: 873

I solve this issue setting a name for the project in the google api console.

In the new UI API console in [APIs & auth] --> [Consent screen]

Upvotes: 6

plspl
plspl

Reputation: 728

Phew! Finally got it to work. Not sure what was wrong. Tried these things, deleted debug keystore file and regenerated it. Copied the sha1 fingerprint to api console. Then followed instructions from here - http://android-developers.blogspot.com/2013/01/verifying-back-end-calls-from-android.html to make sure that I can at least get a token on android device. Then I changed to using the endpoint generated client classes. Now my app is able to talk to app engine backend through endpoint service.

Upvotes: 4

Related Questions