Firebase:Google api密钥限制无效 [英] Firebase: Google api key restriction doesn't work

问题描述

Firebase在Google API控制台上为我创建了一个API密钥.在那里，我添加了一个限制，使其只能由具有特定程序包名称和指纹的Android应用程序使用.

Firebase created for me an API key on Google API console. There I added a restriction to make it usable only by an Android app with a specific package name and fingerprint.

但是，我仍然可以将密钥与其他程序包名称一起使用(我更改了Gradle的应用程序ID).有什么问题吗?

However I can still use the key with a different package name (I changed the application Id for Gradle). What could be wrong?

推荐答案

Firebase不会尝试基于主机应用程序的应用程序ID或签名哈希来限制Realtime Database的使用.在控制台中创建新的Android应用时，您会在用于签名密钥的文本字段下注意到以下文本:

Firebase doesn't attempt to restrict usage of Realtime Database based on the host app's application ID or signing hash. When you create a new Android app in the console, you'll notice the following text under the text field for signing key:

对于以下版本中的动态链接，邀请和Google登录支持是必需的验证码在设置"中编辑SHA-1.

Required for Dynamic Links, Invites, and Google Sign-In support in Auth. Edit SHA-1s in Settings.

这些是唯一受应用程序ID和签名哈希影响的Firebase功能.需要应用程序ID的原因是为了帮助Gradle插件将google-services.json文件与为其构建的应用程序匹配.这不是安全措施.

These are the only Firebase features that are affected by the application ID and signing hash. The reason an application ID is require is to help the Gradle plugin match a google-services.json file to the app it was built for. It's not a security measure.

如果您在build.gradle中更改了应用程序ID，但未创建新应用程序并下载了新的google-services.json文件，则您的构建应会失败，并显示以下消息:

If you change your application ID in build.gradle but don't create a new app and download a new google-services.json file, your build should fail with this message:

找不到与包名称"your.new.package.name"匹配的客户端

No matching client found for package name 'your.new.package.name'

这篇关于Firebase:Google api密钥限制无效的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！