androidgoogle-oauthgmail-apiandroid-credential-manager

OAuth consent screen in android app with OAuth2.0 using Credential Manager API


I am trying to request Gmail readonly consent in my android application, via OAuth2.0. There are many solutions available using old Google SignIn API, but it is going to be deprecated and Credential Manager API https://developer.android.com/training/sign-in/credential-manager, is now preferred approach.

I have successfully created the Android credentials and have the Client-id, and I am also able to launch the system generated bottomsheet, with the following code

        val googleIdOption: GetGoogleIdOption = GetGoogleIdOption.Builder()
            .setFilterByAuthorizedAccounts(filterByAuthorizedAccounts)
            .setServerClientId(CLIENT_ID)
            //.setNonce("<nonce string to use when generating a Google ID token>")
            .build()

        val credentialManager = CredentialManager.create(this)
        val request =
            GetCredentialRequest.Builder().addCredentialOption(googleIdOption).build()
        lifecycleScope.launch {
            try {
                withContext(Dispatchers.IO) {
                    val result = credentialManager.getCredential(this@HomeActivity, request)
                    handleSignIn(result)
                }
            } catch (e: NoCredentialException) {
                Timber.e(e)
            } catch (e: GetCredentialException) {
                Timber.e(e)
            }
        }

but as soon as I select an account(which is also added as test user under cloud project), and continues, then it throws an error, instead of the consent screen that usually comes after authentication.

androidx.credentials.exceptions.GetCredentialCustomException: Developer console is not set up correctly.
at androidx.credentials.CredentialProviderFrameworkImpl.convertToJetpackGetException$credentials_release(CredentialProviderFrameworkImpl.kt:291)
at androidx.credentials.CredentialProviderFrameworkImpl$onGetCredential$outcome$2.onError(CredentialProviderFrameworkImpl.kt:152)
at androidx.credentials.CredentialProviderFrameworkImpl$onGetCredential$outcome$2.onError(CredentialProviderFrameworkImpl.kt:143)
at android.credentials.CredentialManager$GetCredentialTransport.lambda$onError$2(CredentialManager.java:694)
at android.credentials.CredentialManager$GetCredentialTransport.$r8$lambda$nlbYav9mLBoE6Yh1vFKCvITF3ks(Unknown Source:0)
at android.credentials.CredentialManager$GetCredentialTransport$$ExternalSyntheticLambda2.run(Unknown Source:6)
at androidx.credentials.CredentialManager$$ExternalSyntheticLambda0.execute(D8$$SyntheticClass:0)
at android.credentials.CredentialManager$GetCredentialTransport.onError(CredentialManager.java:693)
at android.credentials.IGetCredentialCallback$Stub.onTransact(IGetCredentialCallback.java:123)
at android.os.Binder.execTransactInternal(Binder.java:1363)
at android.os.Binder.execTransact(Binder.java:1304)

Yup I have already checked package-name and SHA-1 fingerprint many time, also consent screen is configured for ..gmail.readonly scope.[Not submitted the verification, as it is in testing]. And it is not mentioned that it is needed verification to work until, it goes into production.

One more thing I tried is to replace Android Client Id with Web application Client Id. However it does allow me to sign in, but there is no consent screen afterwards.

Looking so far I think in new Credential manager API, launching consent screen is being handled by the API itself, and also I am not able to find relevant code or method in the respective package.

What is missing here?


Solution

  • Using any type of OAuth Authorization (as compared to Authentication) is not supported by CredentialManager. For authorization, you would need to use the Authorization APIS directly; those APIs are part of the play-service's auth library. If you run into any issues with those APIs, please feel free to post a question.