Suggestions to debug Google Play Integrity DecodeIntegrityToken API

Question

Trying to figure out how to use Google's play-integrity api to verify nonces. I've hit this roadblock and am unsure what other things I could try to debug and get more information out of this API. Below is a series of steps I've taken to get to the point I'm currently at.

What I've done:

Created a service account within the Google Cloud project with the grants:

• Service Account User and Service Usage Consumer
• Setup Google Auth Default Credentials
• Set environment variable:GOOGLE_APPLICATION_CREDENTIALS by pulling down imported json from service account.

Where I'm at now:

• Used google-api-client to build and call playintegrity, resulting in the response:

Code snippet:

response = service.v1().decodeIntegrityToken(
  packageName='com.myapp.package',
  body={
    'integrityToken':'superLongString'
    }
).execute()

raise HttpError(resp, content, uri=self.uri)
googleapiclient.errors.HttpError: <HttpError 400 when requesting
https://playintegrity.googleapis.com/v1/com.myapp.package:decodeIntegrityToken?alt=json
returned "Integrity token cannot be decoded due to invalid arguments.". 
Details: "Integrity token cannot be decoded due to invalid arguments.">

What I'm trying to do:

I'm trying to better understand how to call decodeIntegrityToken with the right parameters or configurations to retrieve a 200. It is not immediately clear to me which of it is is and what the next steps to debug are.

Resources used:

• https://developer.android.com/google/play/integrity/verdict#returned-payload-format
• Decode integrity token using Google PlayIntegrity API

Answer 1

If you are receiving an INTEGRITY_INVALID_ARGUMENT check one of the following:

• arguments in body_request are incorrect.
• integrity_token, which is retrieved by google upon sending over a nonce. Note that this integrity_token needs to be correct or else it will still send the same error message above.