I wasn't having such a problem when using the old Firebase authentication methods. After accepting Identity Platform, my gmail and phone auth systems are not working in "android release" mode of my app (downloaded play store app). I'm currently search of the reason for this. I also put the sha keys to Firebase from Google Console App Signing and i also debugging authentication code base with test phone numbers and test gmails. There is no problem in code base or sha keys(my opinion). Now I am verifying oauth in Google Cloud Console. When this verification is verified, will my gmail and phone auths in android release mode be opened? And how long does this verification process take? Ios gmail and phone auth methods work well in the apple store or emulator. Also when i look at Google Cloud Console there are some errors on Identity Toolkit Api and Token Service Api.[enter image description here](https://i.stack.imgur.com/BeF3a.png)
I think the cause of the problem is identity platform integration and this validation for oauth. For what other reason do you think the firebase authentication systems (gmail and phone) works on iOS but not on Android?
Related
I am developing an application using Supabase, Flutter and Google OAuth and I would like to know if it is possible to have a single clientId and clientSecret for each device type (ios, android and web) so that I don't have to implement a different authentication workflow for each device.
I have tried looking around the Google Console and see if it is possible to create a single authentication API for multiple devices. I also tried searching online.
There are sevral types of Oauth2 clients.
installed app client (for applications run on the machine)
web app clients (for applications run on web servers)
Android app clients (for applications run on android devices)
IOS app clients (for applications run on Iosdevices)
The authorization method for these three types is different, the code used to authorize them is also different. They can not be mixed.
Android app requires SHA-1 certificate fingerprint
Ios app requires App Store ID
web app requires a redirect uri
So the answer is no you can not create one type of credential to work with Android, Ios and web, you need three different credential types.
a bit of sdk magic
If a user authorizes your web app, they may not need to authorize your android and Ios apps as long as the credentials are all part of the same project on Google developer console.
Last I checked this is not true the other way around, if a user authorizes android or ios first and then tries web they will need to authorize again.
My guess is this is something baked into the android and ios sdk on googles side that is not part of the respective client libraries for web. Either that or its something in the authorization code grant that isn't in the mobile code grant type for Oauth2 I have never bothered to dig to far into it.
I'm using firebase authentication in a flutter app.
I've set up apple authentication and I'm building for both web and for ios.
In the apple developer console, I have an app id (com.crossology.ios) and an associated services id (com.crossology.auth)
In the firebase console, if I set authentication > apple > services id to "com.crossology.ios", authentication works in my flutter app.
If I set it to "com.crossology.auth", authentication works on my flutter web interface.
I don't see a way to configure apple authentication to work for both web and app at the same time.
I am trying to do get OTP without Verifying you are not a robot screen using firebase in a flutter.
I added the SHA-256 key in firebase and enabled the Android Device Verification in console developer google. But still after entering the phone number for OTP that Verifying you are not a robot screen was showing and redirecting to the app. Did I miss something or it will take time to activate Android Device Verification.
Make sure your app is Registered via SafetyNet at:
Firebase Console > Project Settings > App Check > Your app
Secondly, try to test it on a real device. If you are testing phone authentication on an emulator then reCAPTCHA screen will be still shown but for real devices it won’t be shown anymore as stated in the official documentation.
Addition: It will always be shown in rooted devices.
Edit: If this is happening only to your playstore downloaded application, then you probably didn't add your playstore signing SHA1 and SHA256 to your firebase.
Go to your playstore account, app signing under integrity and copy these keys and add them to your firebase project.
I'm using this Flutter package to interface with the Google game service https://pub.dev/packages/games_services
I think I configured the game service in Google play console correctly and implemented codes in my project. Although my app is showing and submitting the score to the iOS game center, but my app can not show the leaderboard nor submitting a score as well.
I published my app in the Google play console and linked this app in the Game service in Google play console. Actually I set up the Firebase AdMob as well, so I configured my app with the SHA1 fingerprint through the Firebase(It created the OAuth ClientID, etc. automatically in Google API console) before I linked my app in Google game service.
I'm suspicious that the credentials including OAuth ClientID, etc. were not created by Google play console.
Can anybody give me a tip to resolve this issue?
Do you mean that your leaderboards are running correctly in iOS game center?
If not, you may have to make sure that your implementation is correct first.
If you suspect it's an OAuth credentials issue, you can try linking a second SHA1 fingerprint as described in Google's official documentation.
In "Check the certificate fingerprint" section:
Note: If you are debugging your game using your debug certificate but
have configured games services using your release certificate, you
should add a second linked app using the same package name and your
debug certificate's SHA1 fingerprint. This will allow you to sign in
to the application whether it's signed with the debug or release
certificates.
Google Play Console default has a managed App Signing feature that will replace your upload key with a Google-managed key, which may cause fingerprint mismatch that you described.
Can we register a biometric fingerprint on the phone in flutter. I search about that on google and found loca_auth flutter plugin but it can only get the list of biometric fingerprints and authenticate fingerprint but what I need is to register biometric fingerprints in the device.
Third party apps do not have the capacity to register/add biometric materials to devices, no matter what platform you are using -- flutter, etc. Here is how the flow works in general.
User gets a new phone (purchased, gifted, found, etc.), a phone that supports biometric authentication.
User goes to Settings and enrolls a biometric template (e.g. enrolls their fingerprint as a way of unlocking the device). In general, this is the only way to register/enroll a fingerprint/face/iris/etc.
Your app wants users to authenticate using biometrics and so implements something similar to what's described here or here.
Now inside your app, when the user clicks to authenticate(), your app never actually sees any biometric materials. Biometric materials are kept in a secure location so that third party apps cannot access them. What your app gets is acknowledgement from the Framework that the fingerprint/face/iris trying to authenticate into your app is indeed enrolled on the device. Checkout the blog posts I mentioned for more details.
You can do this. Just take a look at this:
Fingerprint Authentication in Flutter
Accordingly you also need to set permissions in android manifest file too.