How do I add multiple SHA-256 fingerprints to my assetlinks.json for verifying Android links?

Question

I have my assetlinks set up right now like so:

[
  {
    "relation": ["delegate_permission/common.handle_all_urls"],
    "target": {
      "namespace": "android_app",
      "package_name": "com.myapp.app",
      "sha256_cert_fingerprints":
      [
        "so:me:de:bu:gs:ha",
        "so:me:pr:od:sh:aa"
      ]
    }
  },
  {
    "relation": ["delegate_permission/common.handle_all_urls"],
    "target": {
      "namespace": "android_app",
      "package_name": "com.myapp.app.staging",
      "sha256_cert_fingerprints":
      [
        "so:me:de:bu:gs:ha",
        "so:me:pr:od:sh:aa"
      ]
    }
  }
]

According to the links documentation, this field should support multiple fingerprints, but I haven't been able to find any examples of how to format this. Given that it's just JSON, the way I've formatted above seems like it should work fine, but I'm seeing that link verification is failing when I have multiple fingerprints in that field, while a single seems to work fine.

Am I just missing something very obvious here?

score 17 · Answer 1 · answered Jan 31 '22 at 11:48

I can't tell you why it's not working, as IMO it should work, but if you watch the documentation video at https://youtu.be/3bAQPnxLd4c?t=161 you will see you have to duplicate the entry.

In your case, your assetlinks.json will be :

[
  {
    "relation": ["delegate_permission/common.handle_all_urls"],
    "target": {
      "namespace": "android_app",
      "package_name": "com.myapp.app",
      "sha256_cert_fingerprints": ["so:me:de:bu:gs:ha"]
    }
  },
  {
    "relation": ["delegate_permission/common.handle_all_urls"],
    "target": {
      "namespace": "android_app",
      "package_name": "com.myapp.app",
      "sha256_cert_fingerprints": ["so:me:pr:od:sh:aa"]
    }
  },
  {
    "relation": ["delegate_permission/common.handle_all_urls"],
    "target": {
      "namespace": "android_app",
      "package_name": "com.myapp.app.staging",
      "sha256_cert_fingerprints": ["so:me:de:bu:gs:ha"]
    }
  },
  {
    "relation": ["delegate_permission/common.handle_all_urls"],
    "target": {
      "namespace": "android_app",
      "package_name": "com.myapp.app.staging",
      "sha256_cert_fingerprints": ["so:me:pr:od:sh:aa"]
    }
  }
]

How do I add multiple SHA-256 fingerprints to my assetlinks.json for verifying Android links?

1 Answers1