问题
I've been trying for a while to diagnose an authorization issue with OAuth 2.0, client ids, and Google APIs access (specifically Google Drive).
The general problem has been that things only work when building and running directly via USB on my device. I won't go into detail about the actual code — since I've done that elsewhere here — so I can focus on the current thing that will (hopefully) indicate to someone smarter than me what the problem is.
Originally I had an issue with not being able to get Google Drive authorization working at all when developing on my device. Then I figured out that's because Android Studio signs the debug APK with its own debug.keystore, and so I went to the Google APIs credentials dashboard and created additional OAuth2 credentials for my app package and the debug keystore (i.e., in addition to the existing ones for the app package and my release keystore). Seemed to work great.
Except release packages deployed to Google Play didn't work. They failed to get authorization, even after the user selected their account from Google's authorization flow.
My next idea (finally, after months of trying) was that my two sets of credentials for the same app package — one using the Android Studio debug keystore and one using my release keystore — were in conflict. So I figured out how to force Android Studio to sign debug builds deployed to my device with my release keystore, and got rid of the debug keystore credentials on the Google APIs dashboard. Everything seemed to work. Thought this had solved the problem.
Then, at some point last night, after uploading what I'd hoped was a fixed bundle to Google Play, my own device app updated from my directly deployed debug build to the Google Play version (because the versionCodes are the same? and the Google Play version gets preferred?) and...now it doesn't work. I get a — well, an obfuscated stream of W.System.err messages in logcat, since it's a Google Play APK, apparently.
When I deploy directly from Android Studio to my device again via USB, overwriting the Google Play APK, same versionCode, nothing else touched, etc., it works — at least until Google Play overwrites it again.
(EDIT: Confirmed...I can manually hit update in the Google Play app and it will overwrite my just-deployed-via-USB and just-working debug APK with the Google Play version uploaded yesterday, and Google Drive will no longer work.)
(EDIT #2: Also, I've double-checked, and the credentials in the Google APIs console are using the right SHA-1 signature. In fact, ever since I set up Google-managed signing, it seems that all three of my local release certificate and Google Play's app-signing certificate and upload certificates are the same, so there's very little chance of using the wrong one.)
What this means is that the only version of my app that can access Google Drive is the one built and deployed directly from Android Studio.
Does that suggest anything obvious?
回答1:
Are you deploying to Google Play as an APK or a bundle (.aab)? If the latter, you might try doing a release as an APK, in case Google's re-signing is somehow a cause -- although I can't see how it could be. Note that I believe you'll have to upload your symbols separately in that case.
You can't change your signing certificates for a released app, so I wouldn't mess with those, but you might contact Google's signing support so at very least they can verify that there's no hiccup in the way things are set up on their end.
回答2:
When you publish app through Google Play and if you have opted for app signing by Google Play, the keys you used to sign your app while building in Android Studio are overwritten by new key from Google Play.
You can check the app signing keys at Google Play Console under
Release Management -> App Signing
Now copy either SHA-256 certificate fingerprint or SHA-1 certificate fingerprint from here and go to Google developer console or Google Cloud Console
Project->API Keys->OAuth 2.0 Client IDs Map your package name and SHA fingerprint to OAUTH Client id.
If you are using Firebase and have added google-service.json then you can also map the SHA fingerprint to you app via Firebase console from
Project Overview -> Project Settings -> General
Scroll down to your app and add your SHA fingerprint there.
来源:https://stackoverflow.com/questions/62817234/google-drive-access-authorization-only-works-with-direct-debug-build