I got Google Cloud Endpoints working with an Android app and a backend written in Python on App Engine. When I uninstalled and re-installed my app during development, I started running into a 401 error from the backend. This is without any changes in the backend after I got it to work the first time. So,
I cleaned up the debug.keystore file in C:\Users\username\.android and also other files in the same directory. Regenerated the debug.keystore file again and got the new sha1 footprint
Deleted the API project in the Google APIs console and regenerated the web client_id & android client_id with the new sha1 footprint
Used the new web client_id and android client_id in the server side code
Also updated the android client_id in the audience scope in the Android code
After I installed the app now, I still see the same 401 error. My App Engine logs show this:
I 2013-04-07 16:45:27.297 Checking for id_token.
W 2013-04-07 16:45:27.299 id_token verification failed: Invalid token signature: eyJhbGciOiJSUzI1NiIsImtpZCI6IjMzMTJkNDc0ZWUzNWRjNWU4YzFhMDE4OTkzOGZkN2E3YmUzYmRlZjYifQ.eyJpc3Mi
I 2013-04-07 16:45:27.299 Checking for oauth token.
I was able to gather more information based on Cloud endpoints oauth2 error and http://android-developers.blogspot.com/2013/01/verifying-back-end-calls-from-android.html,
I decoded the id_token being sent to the app_engine server and found that it has these fields,
cid = Android app client_id that I registered in app console for
azp = Android app client_id
aud = web client_id for App engine
iss = accounts.google.com
verified_email = true
email_verified = true
email = account I selected in account picker in android app
exp = a datetime having a value in the future
first_segment = {u'alg': u'RS256', u'kid': u'3312d474ee35dc5e8c1a0189938fd7a7be3bdef6'}
Above values seem right, but id_verification fails. Not sure why.
Had the issue again. It happens when I reinstall my app after uninstalling. The Cloud Endpoints service threw an invalid token error. Used the token and verified it using the url. I get an output like below, which means the token is valid.
"issuer": "accounts.google.com",
"issued_to": "172895167251-1prp5r093hf2nro5bei2cmc1tqf4aasdu.apps.googleusercontent.com",
"audience": "172895167251.apps.googleusercontent.com",
"user_id": "myuserid",
"expires_in": 3086,
"issued_at": 1365644284,
"email": "emailIselectedinadroidapp",
"verified_email": true
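
The claim inspection described in the question, as an added example that is not part of the original post: it decodes the header and payload of an id_token and checks `iss`, `aud`, `azp`/`cid` and `exp` against the client IDs the backend expects. The function names, client IDs and sample token are constructed placeholders, and the signature is deliberately not verified, so a clean result only rules out a claim mismatch; the `kid` it returns names the signing key a verifier would have to look up.

```python
import base64
import json
import time


def b64url_decode(segment):
    """Decode one base64url JWT segment, restoring the stripped '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_id_token(token, web_client_id, android_client_id, now=None):
    """Return (header, claims, problems). Does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != "accounts.google.com":
        problems.append("iss")
    if claims.get("aud") != web_client_id:
        problems.append("aud")
    # The token in the post carried the Android client ID in both azp and cid.
    if android_client_id not in (claims.get("azp"), claims.get("cid")):
        problems.append("azp/cid")
    if claims.get("exp", 0) <= now:
        problems.append("exp")
    return header, claims, problems


def _encode(obj):
    """Helper used only to build the constructed sample token below."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample token: placeholder client IDs, fake signature segment.
WEB_ID = "web-client.example.apps.googleusercontent.com"
ANDROID_ID = "android-client.example.apps.googleusercontent.com"
SAMPLE = ".".join([
    _encode({"alg": "RS256", "kid": "constructed-key-id"}),
    _encode({"iss": "accounts.google.com", "aud": WEB_ID, "azp": ANDROID_ID,
             "cid": ANDROID_ID, "email_verified": True, "exp": 2000000000}),
    "c2lnbmF0dXJl",
])

if __name__ == "__main__":
    header, claims, problems = inspect_id_token(SAMPLE, WEB_ID, ANDROID_ID)
    print("kid:", header["kid"], "claim problems:", problems)
```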