Google云端硬盘访问/授权仅适用于直接/调试版本 [英] Google Drive access/authorization only works with direct/debug build

问题描述

我一直在尝试诊断OAuth 2.0，客户端ID和Google API访问权限(特别是Google云端硬盘)的授权问题.

I've been trying for a while to diagnose an authorization issue with OAuth 2.0, client ids, and Google APIs access (specifically Google Drive).

一般的问题是，只有在直接通过USB在我的设备上构建和运行时，这些东西才起作用.我不会详细介绍实际的代码-因为我已经完成了此处的其他地方 —所以我可以专注于当前的事情，希望(希望)向比我聪明的人指出问题所在.

The general problem has been that things only work when building and running directly via USB on my device. I won't go into detail about the actual code — since I've done that elsewhere here — so I can focus on the current thing that will (hopefully) indicate to someone smarter than me what the problem is.

1. 最初，在使用我的设备进行开发时，我无法完全获得Google云端硬盘授权的问题.然后我发现这是因为Android Studio使用其自己的debug.keystore对调试APK进行了签名，因此我转到了Google API凭据信息中心，并为我的应用包和调试密钥库创建了其他OAuth2凭据(即，除了现有的用于应用程序包和我的发布密钥库).似乎效果很好.

1. Originally I had an issue with not being able to get Google Drive authorization working at all when developing on my device. Then I figured out that's because Android Studio signs the debug APK with its own debug.keystore, and so I went to the Google APIs credentials dashboard and created additional OAuth2 credentials for my app package and the debug keystore (i.e., in addition to the existing ones for the app package and my release keystore). Seemed to work great.

除了部署到Google Play的发行包以外，其他所有功能均无效.即使用户从Google的授权流程中选择了帐户，他们也无法获得授权.

Except release packages deployed to Google Play didn't work. They failed to get authorization, even after the user selected their account from Google's authorization flow.

我的下一个想法(最后是经过几个月的尝试)是我针对同一应用程序包的两组凭据-一组使用Android Studio调试密钥库而一组使用我的发行密钥库-发生冲突.因此，我想出了如何强制Android Studio使用发布密钥库对部署到设备上的调试版本进行签名的方法，并摆脱了Google API仪表板上的调试密钥库凭据.一切似乎都正常.以为这解决了问题.

My next idea (finally, after months of trying) was that my two sets of credentials for the same app package — one using the Android Studio debug keystore and one using my release keystore — were in conflict. So I figured out how to force Android Studio to sign debug builds deployed to my device with my release keystore, and got rid of the debug keystore credentials on the Google APIs dashboard. Everything seemed to work. Thought this had solved the problem.

然后，在昨晚某个时候，将我希望固定的捆绑包上传到Google Play之后，我自己的设备应用程序从我直接部署的调试版本更新为Google Play版本(因为versionCode是一样吗?而Google Play版本会成为首选?)，...现在不起作用.我在logcat中得到了一个W.System.err消息流，它很模糊，因为它显然是Google Play APK.

Then, at some point last night, after uploading what I'd hoped was a fixed bundle to Google Play, my own device app updated from my directly deployed debug build to the Google Play version (because the versionCodes are the same? and the Google Play version gets preferred?) and...now it doesn't work. I get a — well, an obfuscated stream of W.System.err messages in logcat, since it's a Google Play APK, apparently.

当我再次通过USB从Android Studio直接部署到我的设备，覆盖Google Play APK，相同版本代码，未触碰其他东西等时，它就会起作用-至少要等到Google Play再次覆盖它. >

When I deploy directly from Android Studio to my device again via USB, overwriting the Google Play APK, same versionCode, nothing else touched, etc., it works — at least until Google Play overwrites it again.

(已确认...我可以在Google Play应用中手动点击更新，它将用昨天上传的Google Play版本覆盖通过USB刚刚部署的调试APK和刚刚运行的调试APK，Google云端硬盘会不再工作.)

( Confirmed...I can manually hit update in the Google Play app and it will overwrite my just-deployed-via-USB and just-working debug APK with the Google Play version uploaded yesterday, and Google Drive will no longer work.)

(编辑#2:此外，我已经仔细检查过，并且Google API控制台中的凭据使用了正确的SHA-1签名.实际上，自从我设置了Google管理的签名以来，我的三个本地发行证书以及Google Play的应用签名证书和上传证书全部相同，因此使用错误的证书的机会很小.)

(EDIT #2: Also, I've double-checked, and the credentials in the Google APIs console are using the right SHA-1 signature. In fact, ever since I set up Google-managed signing, it seems that all three of my local release certificate and Google Play's app-signing certificate and upload certificates are the same, so there's very little chance of using the wrong one.)

这意味着我的应用程序唯一可以访问Google云端硬盘的版本是直接从Android Studio构建和部署的版本.

What this means is that the only version of my app that can access Google Drive is the one built and deployed directly from Android Studio.

这表明明显吗?

推荐答案

您是否以APK或捆绑包(.aab)的形式部署到Google Play?如果是后者，您可以尝试以APK的形式发布，以防万一Google的重新签名是有原因的-尽管我不知道这是怎么回事.请注意，在这种情况下，我认为您必须分别上传符号.

Are you deploying to Google Play as an APK or a bundle (.aab)? If the latter, you might try doing a release as an APK, in case Google's re-signing is somehow a cause -- although I can't see how it could be. Note that I believe you'll have to upload your symbols separately in that case.

您无法为已发布的应用更改签名证书，因此我不会对此进行混乱，但是您可以与Google的签名支持联系，以便至少他们可以验证事情的设置方式是否存在打h在他们的尽头.

You can't change your signing certificates for a released app, so I wouldn't mess with those, but you might contact Google's signing support so at very least they can verify that there's no hiccup in the way things are set up on their end.

这篇关于Google云端硬盘访问/授权仅适用于直接/调试版本的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！