npogoncuk

Reputation: 41

Android OAuth 2.0 Client can't verify app ownership

I am trying to verify app ownership in the OAuth client in Google Cloud Console -> APIs & Services -> Credentials -> OAuth 2.0 Client IDs. But I get the error "This client is not applicable to verify ownership because it's not a Google Play Store app", regardless of which Android OAuth client I'm using, with the SHA-1 of the Google Play app signing key or the release key. What could be causing this?
I have the Admin role, but the account with the Owner role had the same problem. The app was published on Google Play years ago.

Upvotes: 0

Views: 341

Answers (2)

Xavier R

Reputation: 21

You say that your Legacy App Signing Certificate is no longer in use. In fact, if you upgraded your app's signing key in Google Play as explained here, your Legacy App Signing Certificate is still used on Android 12L and below. This is because Google Play applies the v3.1 signature scheme when rotating the signing key, which is explained here:

  • Devices that run Android 13 or higher (minSdkVersion=33) use the rotated signer in the v3.1 block.
  • Devices that run older versions of Android (minSdkVersion=24, maxSdkVersion=32) ignore the rotated signer and instead use the original signer in the v3 block.

Hence, when you implement Google Sign-in, you should still declare in your OAuth Client ID the SHA-1 fingerprint of your Legacy Certificate. Authentication to Google APIs will still work on Android 13 and above thanks to the proof of rotation included in the v3.1 signature: it allows the new signing key to be recognized as valid for the OAuth Client ID associated with the Legacy Certificate.

Upvotes: 2
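
Added example, not part of the answer above: a simplified Python model of the signer selection that answer describes, used to check which device API levels a given registered SHA-1 fingerprint covers. The certificate bytes, the upper SDK bound and all function names are constructed for illustration; the code does not parse a real APK, and the lineage rule it applies is the one stated in the answer.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Signer:
    cert_der: bytes  # constructed placeholder bytes, not a real X.509 certificate
    min_sdk: int     # lowest API level that uses this signer
    max_sdk: int     # highest API level that uses this signer

def sha1_fingerprint(cert_der: bytes) -> str:
    """SHA-1 of the DER certificate as colon-separated upper-case hex."""
    h = hashlib.sha1(cert_der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def signer_for(signers, api_level):
    """Return the signer whose SDK range covers the device's API level."""
    for s in signers:
        if s.min_sdk <= api_level <= s.max_sdk:
            return s
    raise ValueError(f"no signer covers API level {api_level}")

def uncovered_levels(signers, lineage, registered, api_levels):
    """API levels where no registered fingerprint matches the signer in use
    or one of its predecessors in the rotation lineage (oldest cert first)."""
    gaps = []
    for level in api_levels:
        cert = signer_for(signers, level).cert_der
        chain = lineage[: lineage.index(cert) + 1]
        if not any(sha1_fingerprint(c) in registered for c in chain):
            gaps.append(level)
    return gaps

# Constructed sample data (assumed values, not taken from any real app)
LEGACY_CERT = b"constructed-legacy-certificate"
ROTATED_CERT = b"constructed-rotated-certificate"
SIGNERS = [
    Signer(LEGACY_CERT, 24, 32),       # original signer, v3 block
    Signer(ROTATED_CERT, 33, 10_000),  # rotated signer, v3.1 block; upper bound arbitrary
]
LINEAGE = [LEGACY_CERT, ROTATED_CERT]

if __name__ == "__main__":
    levels = range(24, 36)
    for label, cert in (("legacy", LEGACY_CERT), ("rotated", ROTATED_CERT)):
        registered = {sha1_fingerprint(cert)}
        print(label, "registered -> uncovered API levels:",
              uncovered_levels(SIGNERS, LINEAGE, registered, levels))
```
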

HerPat

Reputation: 413

I think the error means the OAuth 2.0 Client you’re trying to use to verify app ownership is not recognized as being associated with any Google Play app or the published app you mentioned.

You mentioned that the app was published on Google Play years ago; you can try referring to this documentation for another way to verify your app ownership. As per the documentation, Android app ownership verification is only available for Google Play apps. You can also check these steps on how to authenticate your client using Play App Signing.

This OAuth 2.0 for Mobile & Desktop Apps documentation might be a good read and can be helpful for you.

Upvotes: 0
