Issue by AtifAbbAsi19
Monday Mar 18, 2019 at 11:37 GMT
Originally opened as googlearchive/android-credentials#36

SMS Verification with SMS Retriever API auto fetch issue

I'm trying to use Google's SMS Retriever API for Automatic SMS Verification, but there is an issue in it. previously , I was reading sender number using getOriginatingAddress() and if it's valid sender number then read OTP otherwise it should not read msg. As , forwarded OTP is disturbing user's privacy.

I have the following scenario.

My app is auto-fetching forwarded OTP messages.

User A installs app on his mobile and enters User B mobile number.
User B receives OTP and forwards it to User A.
App reads OTP on User A mobile and goes to home screen.
is there any way around to get sender number?

Tested on Pixel 4a running Android 11 and Android emulator running Android 11 with Google Play Services enabled.

The application never leads to a successful logged in state. The logs don't output any error.

When clicking the "Sign in with Google" button, there is a quick "flash" on the screen, but no accounts are shown and no signin is possible.

Issue by shikhakothiyal
Monday Dec 17, 2018 at 06:54 GMT
Originally opened as googlearchive/android-credentials#30

Hash key generated is not working for released apk. Do we have different keys for released and debug mode. What changes in program we need to make to get the key for released mode.

Issue by sumeet-chaayos
Friday Feb 22, 2019 at 08:00 GMT
Originally opened as googlearchive/android-credentials#34

@ankitPagalGuy @ithinkihaveacat @keyboardsurfer Sms is not getting broadcasted , when i manually broadcast the intent from adb and its receiving in broadcast receiver. Sms is :

<#> Your Verification Code is 030787. This OTP will s. NKsG/pQa+dw

Need urgent help here.

Steps

1. Import SMS Verify App Android App sample on the EEPatch 2 or Flamingo RC1
2. Upgrade AGP to 8.0.0-rc1
3. Build project(Build->Rebuild)

Observed Result:

Build failed with below error

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':app:mapDebugSourceSetPaths'.
> Error while evaluating property 'extraGeneratedResDir' of task ':app:mapDebugSourceSetPaths'.
   > Failed to calculate the value of task ':app:mapDebugSourceSetPaths' property 'extraGeneratedResDir'.
      > Querying the mapped value of provider(java.util.Set) before task ':app:processDebugGoogleServices' has completed is not supported

* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Run with --scan to get full insights.

* Get more help at https://help.gradle.org

BUILD FAILED in 18s
26 actionable tasks: 26 executed

Issue by g123k
Friday Jun 05, 2015 at 12:58 GMT
Originally opened as googlearchive/android-credentials#3

When I try to save the credentials for the first time, I have this message in the logcat:

E/Volley  ( 1070): [250] BasicNetwork.performRequest: Unexpected response code 400 for https://www.googleapis.com/credentials/v1/credentials?alt=proto&header.playServicesVersion=7571000&obfuscationKey=44838BE022CB8E787432945F2B755C422766B72D16B5DDB5CBD56C525143C8AE
E/CredentialsApi( 1309): Error when saving credential.
E/CredentialsApi( 1309): com.google.android.gms.auth.api.credentials.a: java.io.IOException: Server error.
E/CredentialsApi( 1309):    at com.google.android.gms.auth.api.credentials.d.a(SourceFile:329)
E/CredentialsApi( 1309):    at com.google.android.gms.auth.api.credentials.be.b.e.a(SourceFile:181)
E/CredentialsApi( 1309):    at com.google.android.gms.auth.api.credentials.be.b.e.a(SourceFile:33)
E/CredentialsApi( 1309):    at com.google.android.gms.common.service.g.run(SourceFile:178)
E/CredentialsApi( 1309):    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
E/CredentialsApi( 1309):    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
E/CredentialsApi( 1309):    at java.lang.Thread.run(Thread.java:818)
E/CredentialsApi( 1309): Caused by: java.io.IOException: Server error.
E/CredentialsApi( 1309):    at com.google.android.gms.auth.api.credentials.be.c.d.a(SourceFile:124)
E/CredentialsApi( 1309):    at com.google.android.gms.auth.api.credentials.be.s.a(SourceFile:95)
E/CredentialsApi( 1309):    at com.google.android.gms.auth.api.credentials.be.d.a(SourceFile:279)
E/CredentialsApi( 1309):    at com.google.android.gms.auth.api.credentials.be.d.a(SourceFile:92)
E/CredentialsApi( 1309):    at com.google.android.gms.auth.api.credentials.be.z.onTransact(SourceFile:135)
E/CredentialsApi( 1309):    at android.os.Binder.execTransact(Binder.java:446)
E/CredentialsApi( 1309): Caused by: com.google.android.gms.auth.api.credentials.be.a.c
E/CredentialsApi( 1309):    at com.google.android.gms.auth.api.credentials.be.a.b.a(SourceFile:469)
E/CredentialsApi( 1309):    at com.google.android.gms.auth.api.credentials.be.a.b.a(SourceFile:156)
E/CredentialsApi( 1309):    at com.google.android.gms.auth.api.credentials.be.c.d.a(SourceFile:117)
E/CredentialsApi( 1309):    ... 5 more

I don't think the error is on the client-side, but the Intent in the onActivityResult is empty.

I'm implementing PassKey and constantly receiving the "The incoming request cannot be validated" exception.
I implemented everything according to the doc:
Defined and included dependencies:

passkey_core = "androidx.credentials:credentials:1.2.0-alpha05"
passkey_compat = "androidx.credentials:credentials-play-services-auth:1.2.0-alpha05"

passkey = [
    "passkey.core",
    "passkey.compat"
]
...
implementation(libs.bundles.passkey)

Created a strings.xml file:

<?xml version="1.0" encoding="utf-8"?>
<resources>
    <!-- TODO -->
    <string name="asset_statements" translatable="false">
  [{
    \"include\": \"https://dev.mydomain.com:22320/.well-known/assetlinks.json\"
  }]
  </string>
</resources>

Even added meta-data to the Manifest (tried with and without)

<meta-data android:name="asset_statements" android:resource="@string/asset_statements" />

The certificates, access to the JSON file and robots.txt were checked several times:

Also, requested GoogleBot to scan the page, and according to the logs it did it.

But the issue still exists.
Any other limitations of using the feature? Is it ok to use dev.domain.com and put assetlinks.json under this URL? Is it okay that the app is not published yet? Or is there any cache of the URL or something? Or is it not available immediately after the JSON file was hosted?

Issue by jeffreysham
Saturday Jun 15, 2019 at 00:42 GMT
Originally opened as googlearchive/android-credentials#38

Hi,

I'm trying to test out smart lock to see if I should start using it in my app. I cloned the project and ran the credentials-signin project on my phone, but when I try to save a new credential, I get the following error. I looked the error code up and it is the error code for resolution required

save:FAILURE
com.google.android.gms.common.api.ApiException: 6: Passphrase required.
  at com.google.android.gms.common.internal.zzb.zzy(Unknown Source:14)
  at com.google.android.gms.common.internal.zzbk.zzz(Unknown Source:0)
  at com.google.android.gms.common.internal.zzbl.zzr(Unknown Source:32)
  at com.google.android.gms.common.api.internal.BasePendingResult.zzc(Unknown Source:46)
  at com.google.android.gms.common.api.internal.BasePendingResult.setResult(Unknown Source:42)
  at com.google.android.gms.internal.zzavw.setResult(Unknown Source:2)
  at com.google.android.gms.internal.zzavv.zze(Unknown Source:2)
  at com.google.android.gms.internal.zzawc.onTransact(Unknown Source:46)
  at android.os.Binder.execTransact(Binder.java:682)

So, I was wondering why this error was happening and how to resolve it. After looking at the saveCredential(), it seems like the exception should've been an instance of ResolvableApiException.

Thanks,
Jeffrey

Add an account by going to Android Settings. Account username and password can be anything.

I would like to add User name and Password in Android setting, so please guide me, how could I proceed ?

Issue by mtrakal
Friday Sep 01, 2017 at 10:35 GMT
Originally opened as googlearchive/android-credentials#19

Make a buttons behind Dialog where you choose smart-lock saved identity (like: factory reset your phone, delete all photos, etc) and after click outside this dialog somewhere where you have some fatal button.

Diloag will dismiss, but button behind this dialog fill be forced to!!!!!!

It's useless.

Latest version of everything.

classpath 'com.android.tools.build:gradle:3.0.0-beta3'

classpath 'com.google.gms:google-services:3.1.0'
gradleVersion = '4.1'

// sdk and tools
    compileSdkVersion = 26
    buildToolsVersion = '26.0.1' // https://developer.android.com/studio/releases/build-tools.html
    minSdkVersion = 16
    targetSdkVersion = 26

    // google dependencies versions
    supportLibraryVersion = '26.0.2' // https://developer.android.com/topic/libraries/support-library/revisions.html
    playServicesVersion = '11.2.0' // https://developers.google.com/android/guides/releases

Video with weird behaviour here: https://youtu.be/CpJyR-xm4_M

Issue by michalbrz
Thursday Jan 24, 2019 at 16:02 GMT
Originally opened as googlearchive/android-credentials#32

michalbrz included the following code: https://github.com/googlesamples/android-credentials/pull/32/commits

Issue : Blockstore data not deleted even after application is uninstalled

Repro Steps :

Enabled Backup services (Settings > Google > Backup),
Saving data to blockstore using storeBytes API and with shouldBackupToCloud set as false from a test app
Uninstalled the test app
Re-installed the test app
Called retrieveBytes API and I was able to see the data stored previously at step 2. Expectation : Data should have been deleted because shouldBackupToCloud was false. From the public documentation of blockstore, it is written that data persists even after uninstalling the app. But it is not clear if it is expected to persist even if shouldBackupToCloud is set to false. What is the use of shouldBackupToCloud if the data is persisted across installs and uninstalls.

In the code snippet provided, there is a discrepancy in the order of parameters passed to the credentialManager.createCredential function in createPassword(). The function is called as follows:

credentialManager.createCredential(request, requireActivity()) as CreatePasswordResponse

The issue is that the requireActivity() function should be the first parameter given the implementation of createCredential():

public open suspend fun createCredential(
    context: Context,
    request: CreateCredentialRequest
): CreateCredentialResponse

but it is currently the second parameter. This parameter order should be corrected to maintain code clarity and consistency, especially for the codelab.

The code only has the PasskeyWebListener class and although there is a description on how it works here: https://developer.android.com/training/sign-in/credential-manager-webview, the code is missing important code like the "CredentialManagerHandler" class.

Thank you in advance

I tried to build this code in java. but i'm getting a lot of errors , Is there any one who has made this java?.

Also i tried building this peoject but it is getting failed as it is not able to find libs used in build.gradle. I'm not much familiar with kotlin. If someone could help me with this?

I have downloaded the source code and tried to configure the fido2 to work with a fido2 server.
Managed to send registerRequest and got the response. While finish handling the response, the app crash with the below error.
I would like to check if the code works and also do i have to modify to use async instead?
I need to connect to physical key and hence yet to switch to Credential Manager.

2024-05-02 16:15:50.556 25176-25176 System.out com...oid.gms.identity.sample.fido2 I DEBUGGING: Skipped: extensions 2024-05-02 16:15:50.562 25176-25176 AuthRepository com...oid.gms.identity.sample.fido2 E Cannot call registerRequest android.os.NetworkOnMainThreadException at android.os.StrictMode$AndroidBlockGuardPolicy.onNetwork(StrictMode.java:1667) at com.android.org.conscrypt.Platform.blockGuardOnNetwork(Platform.java:436) at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.processDataFromSocket(ConscryptEngineSocket.java:874) at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.readUntilDataAvailable(ConscryptEngineSocket.java:862) at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.read(ConscryptEngineSocket.java:835) at okio.InputStreamSource.read(JvmOkio.kt:90) at okio.AsyncTimeout$source$1.read(AsyncTimeout.kt:129) at okio.RealBufferedSource.request(RealBufferedSource.kt:206) at okio.RealBufferedSource.require(RealBufferedSource.kt:199) at okio.RealBufferedSource.readHexadecimalUnsignedLong(RealBufferedSource.kt:381) at okhttp3.internal.http1.Http1ExchangeCodec$ChunkedSource.readChunkSize(Http1ExchangeCodec.kt:429) at okhttp3.internal.http1.Http1ExchangeCodec$ChunkedSource.read(Http1ExchangeCodec.kt:408) at okhttp3.internal.Util.skipAll(Util.kt:337) at okhttp3.internal.Util.discard(Util.kt:358) at okhttp3.internal.http1.Http1ExchangeCodec$ChunkedSource.close(Http1ExchangeCodec.kt:450) at okio.ForwardingSource.close(ForwardingSource.kt:34) at okhttp3.internal.connection.Exchange$ResponseBodySource.close(Exchange.kt:309) at okio.RealBufferedSource.close(RealBufferedSource.kt:477) at okio.RealBufferedSource$inputStream$1.close(RealBufferedSource.kt:170) at sun.nio.cs.StreamDecoder.implClose(StreamDecoder.java:423) at sun.nio.cs.StreamDecoder.close(StreamDecoder.java:196) at java.io.InputStreamReader.close(InputStreamReader.java:195) at java.io.BufferedReader.close(BufferedReader.java:539) i at android.util.JsonReader.close(JsonReader.java:540) at kotlin.io.CloseableKt.closeFinally(Closeable.kt:57) at com.google.android.gms.identity.sample.fido2.api.AuthApi.parsePublicKeyCredentialCreationOptions(AuthApi.kt:332) at com.google.android.gms.identity.sample.fido2.api.AuthApi.access$parsePublicKeyCredentialCreationOptions(AuthApi.kt:55) at com.google.android.gms.identity.sample.fido2.api.AuthApi$registerRequest$2.invoke(AuthApi.kt:165) at com.google.android.gms.identity.sample.fido2.api.AuthApi$registerRequest$2.invoke(AuthApi.kt:163) at com.google.android.gms.identity.sample.fido2.api.AuthApi.result(AuthApi.kt:620) at com.google.android.gms.identity.sample.fido2.api.AuthApi.registerRequest(AuthApi.kt:163) at com.google.android.gms.identity.sample.fido2.api.AuthApi$registerRequest$1.invokeSuspend(Unknown Source:15) at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33) at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106) at android.os.Handler.handleCallback(Handler.java:942) at android.os.Handler.dispatchMessage(Handler.java:99) at android.os.Looper.loopOnce(Looper.java:226) at android.os.Looper.loop(Looper.java:313) at android.app.ActivityThread.main(ActivityThread.java:8762) at java.lang.reflect.Method.invoke(Native Method) at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:604) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1067)

Objective: I want to save custom credentials into the password Manager & later get that from the saved password list in Security-->Password Manager-->List of passwords.

What I have done: I tried the following approaches:

Save passwords with Credential Saving
Google Archive Code Samples
And getting the following error:

16: Skipping password saving since the user is likely prompted with Android Autofill

Sometimes the bottom sheet became visible to save the password in the password manager but most of the time I am getting the above error. In some places, I have read that a conflict with AutoFill service is the cause of this. But I cannot get more knowledge of this problem since not much documentation/implementation is there.

Any help in this matter would be highly appreciated. Thanks

request to show Passkey Auto fill uI flow and required code changes or snippet.
Please demonstrate.

Thanks
karthik K

Right now android matches the FIDO2 Spec and always sets the FacetID to the android:apk-key-hash
https://fidoalliance.org/specs/uaf-v1.0-id-20141122/fido-appid-and-facets-v1.0-id-20141122.html

This becomes a problem because the w3c webauthn doesn't allow non http:// facet IDs
w3c/webauthn#1297

The python webauthn library will also throw an exception if the decoded "origin" value from clientDataJSON doesn't match the expected_origin.

https://github.com/duo-labs/py_webauthn/blob/d8e78f000b08dcc15d194a904d1c2dd381f87a9c/webauthn/registration/verify_registration_response.py#L124

iOS has mitigated this issue in their webauthn library by forcing you to set the relying party to override the iOS app bundle ID normally used as their Facet ID according to FIDO2 Specs:
https://developer.apple.com/documentation/authenticationservices/asauthorizationplatformpublickeycredentialprovider

I believe this was supposed to be done on android with the origin field in CreatePublicKeyCredentialRequest, however its value doesn't affect the output and looking through source code the field appears to be unused
https://developer.android.com/reference/androidx/credentials/CreatePublicKeyCredentialRequest

Please get this fixed before credential manager is stable, for now it will force developers to do hacky solutions of parsing to Json Objects, decoding, changing, re-encoding, and converting back to a string for the registrationResponseJson.

Steps to reproduce:

1. Add LeakCanary to CredentialManagerSample app build.gradle (debugImplementation("com.squareup.leakcanary:leakcanary-android:2.12"))
2. Run CredentialManagerSample app
3. Click "SIGN UP"
4. Enter username and click "Sign up with passkey"
5. While the passkey creation dialog is open, rotate the device
6. Observe; passkey creation dialog gets cancelled, yet LeakCanary shows a leak of MainActivity

Note: I also checked in the Android Studio profiling heap dump and it also shows the same leak.

The problem seems to be in the android CredentialManager, not in the CredentialManagerSample app.

Affected credentials library versions: 1.2.0-beta03 and 1.2.0

LeakCanary output:

┬───
│ GC Root: Global variable in native code
│
├─ android.credentials.CredentialManager$CreateCredentialTransport instance
│ Leaking: UNKNOWN
│ Retaining 57.9 kB in 1137 objects
│ mContext instance of com.google.credentialmanager.sample.MainActivity with
│ mDestroyed = true
│ ↓ CredentialManager$CreateCredentialTransport.mContext
│ ~~~~~~~~
╰→ com.google.credentialmanager.sample.MainActivity instance
     Leaking: YES (ObjectWatcher was watching this because com.google.
     credentialmanager.sample.MainActivity received Activity#onDestroy()
     callback and Activity#mDestroyed is true)
     Retaining 51.5 kB in 1000 objects
     key = d8330c9b-b0e1-4654-8630-f8917d10c9ff
     watchDurationMillis = 89005
     retainedDurationMillis = 84002
     mApplication instance of android.app.Application
     mBase instance of androidx.appcompat.view.ContextThemeWrapper

METADATA

Build.VERSION.SDK_INT: 34
Build.MANUFACTURER: Google
LeakCanary version: 2.12
App process name: com.google.credentialmanager.sample
Class count: 27499
Instance count: 199781
Primitive array count: 146738
Object array count: 29293
Thread count: 25
Heap total bytes: 27370119
Bitmap count: 0
Bitmap total bytes: 0
Large bitmap count: 0
Large bitmap total bytes: 0
Stats: LruCache[maxSize=3000,hits=111427,misses=192082,hitRate=36%]
RandomAccess[bytes=9443680,reads=192082,travel=62550215614,range=33191621,size=4
1623102]
Analysis duration: 184237 ms

on some devices like Samsung A32 Android-11 I have this exception:

com.google.android.gms.common.api.ApiException: 8: 
        at com.google.android.gms.common.internal.ApiExceptionUtil.fromStatus(com.google.android.gms:play-services-base@@17.1.0:4)
        at com.google.android.gms.common.internal.zai.zaf(com.google.android.gms:play-services-base@@17.1.0:2)
        at com.google.android.gms.common.internal.zak.onComplete(com.google.android.gms:play-services-base@@17.1.0:6)
        at com.google.android.gms.common.api.internal.BasePendingResult.zaa(com.google.android.gms:play-services-base@@17.1.0:176)
        at com.google.android.gms.common.api.internal.BasePendingResult.setResult(com.google.android.gms:play-services-base@@17.1.0:135)
        at com.google.android.gms.internal.auth-api.zzl.zzd(com.google.android.gms:play-services-auth@@19.0.0:4)
        at com.google.android.gms.internal.auth-api.zzu.zzc(com.google.android.gms:play-services-auth@@19.0.0:9)
        at com.google.android.gms.internal.auth-api.zzc.onTransact(com.google.android.gms:play-services-auth@@19.0.0:13)
        at android.os.Binder.execTransactInternal(Binder.java:1190)
        at android.os.Binder.execTransact(Binder.java:1159)

as the documents for status code 8 says this exception is related to INTERNAL_ERROR and the description says recalling the api will fix it. but it does NOT.

Issue by ankitPagalGuy
Tuesday Nov 07, 2017 at 14:15 GMT
Originally opened as googlearchive/android-credentials#21

when first time , I insert phone no and wait for SMS , it does not auto fill the OTP
here is log -
11-07 19:36:44.683 2143-2143/? I/SmsRetriever: [SmsRetrieverApiChimeraService] Prefix does not match 11-07 19:36:44.683 2143-2143/? I/SmsRetriever: [EndsWithStringMatcher] Found a match 11-07 19:36:44.683 2143-2143/? I/SmsRetriever: [SmsRetrieverApiChimeraService] No matching message is found

But if go back and again fill the phone no , it fills the OTP
here is log -
11-07 19:38:43.314 2143-2143/? I/SmsRetriever: [EndsWithStringMatcher] Found a match 11-07 19:38:43.314 2143-2143/? I/SmsRetriever: [SmsRetrieverApiChimeraService] Matched prefix:[#]

Have tried debugging but can't find anything

Is there a sample planned for Credential Manager with Sign in with Google?

https://developer.android.com/training/sign-in/credential-manager

We struggled with it, found a fix, but unclear if it's a fix for all situations?

Issue by Nublo
Friday Jun 21, 2019 at 12:48 GMT
Originally opened as googlearchive/android-credentials#39

Steps to reproduce

• Set Don't keep activities flag
• Open app -> You will see email dialog
• Fold the app
• Unfold
• Tap on the dialog with any email

Result
In the form you will see(label with email field), that you are still signOut.

Expected result
You will be signedIn(correct email is shown).

Addition
If after this steps you will fold/unfold application one more time you will be signedIn.
As expected.

I investigated a little bit, and looks like we are not receiving onActivityResult after first fold/unfold, but receive after second, which is super strange.

I'm getting the following error, I registered the credential using fido2, then I updated the application and I came across this error - showing the following message in the app: no access password available

2023-05-03 11:25:41.267 1218-1218 keystore keystore E Failed to decrypt blob; ciphertext or tag is likely
corrupted 2023-05-03 11:25:41.271 6033-6089 Fido com.google.android.gms.ui
E [AuthenticationOperation] Error checking whether the credential exists
java.util.concurrent.ExecutionException: ztv: 8:
Error looking up Android KeyStore key at cwrw.s(:com.google.android.gms@[email protected] (150408-527344967):3)
at cwrw.get(:com.google.android.gms@[email protected] (150408-527344967):9)
at aipx.run(:com.google.android.gms@[email protected] (150408-527344967):43)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:462)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at abgp.c(:com.google.android.gms@[email protected] (150408-527344967):6)
at abgp.run(:com.google.android.gms@[email protected] (150408-527344967):7)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at ablw.run(:com.google.android.gms@[email protected] (150408-527344967):0)
at java.lang.Thread.run(Thread.java:923) Caused by: ztv: 8: Error looking up Android KeyStore key

com.google.android.gms.ui W [FingerprintOrScreenlockUserVerifier] Error when accessing KeyStore.
aree: Unable to get the private key from Android Keystore
at ared.a(:com.google.android.gms@[email protected] (150408-527344967):0)
at ahtb.c(:com.google.android.gms@[email protected] (150408-527344967):3)
at ahtb.f(:com.google.android.gms@[email protected] (150408-527344967):1)
at ahyb.a(:com.google.android.gms@[email protected] (150408-527344967):4)
at cssf.t(:com.google.android.gms@[email protected] (150408-527344967):2)
at ahyd.b(:com.google.android.gms@[email protected] (150408-527344967):6)
at ahyd.c(:com.google.android.gms@[email protected] (150408-527344967):0)
at aizc.a(:com.google.android.gms@[email protected] (150408-527344967):3)
at cls.b(:com.google.android.gms@[email protected] (150408-527344967):4)
at cls.f(:com.google.android.gms@[email protected] (150408-527344967):2)
at cls.l(:com.google.android.gms@[email protected] (150408-527344967):2)
at clp.run(:com.google.android.gms@[email protected] (150408-527344967):0)
at android.os.Handler.handleCallback(Handler.java:938)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loop(Looper.java:236)
at android.app.ActivityThread.main(ActivityThread.java:8061)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:656)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:967)

I tried to just take the PhoneNumberActivity into an existing project. Made it be able to be built, but then when there was no error anymore in it, I got this weird issue:

How come?

When the demo app starts, obviously there is no user logged in yet. "Load credential" actually leads to an error message in the console: "Credential does not contain ID Tokens" when I choose a Google account from the credential selection UI. I believe that a login should be triggered instead.

I think I actually found where the bug is. The following code segments have their orders reversed in requestCredentials():

                   if (e instanceof ResolvableApiException) {
                        ... ...
                        resolveResult(rae, RC_READ);
                        return;
                    }

                    if (e instanceof ApiException) {
                        ApiException ae = (ApiException) e;
                        if (ae.getStatusCode() == CommonStatusCodes.SIGN_IN_REQUIRED) {
                            // This means only a hint is available, but we are handling that
                            // elsewhere so no need to act here.
                        } else {
                            Log.w(TAG, "Unexpected status code: " + ae.getStatusCode());
                        }
                    }

SIGN_IN_REQUIRED does not seem to be handled anywhere else. Here it is just preempted and will never be executed.

I am surprised that no one seems to be complaining about this issue. Is this code been actively worked on? Does anyone else have the same issue?

Thanks,
Joshua

I noticed that every time I install the app, it seems to randomly choose one of my accounts on the device. First off, it's pretty hidden and you have to pay attention to it on the passkey creation sheet. Secondly I can't figure out why it chooses one account over the other. Even on my other app that is on the play store, you would assume that it prioritizes the account that installed the app, but that does not seem to be the case.

What is the logic behind this account selection and is there a way to influence it?

compileSdkVersion 25 - should be 29
buildToolsVersion '25.0.3'  - should be removed
targetSdkVersion 25 - should be 29

implementation 'com.android.support:appcompat-v7:25.3.1'
implementation 'com.android.support:design:25.3.1'
implementation 'com.android.support.constraint:constraint-layout:1.0.2'
implementation 'com.android.support:support-v4:25.3.1'

-should use android x

implementation 'com.android.support:design:25.3.1'
implementation 'com.google.android.gms:play-services-base:11.0.1'
implementation 'com.google.android.gms:play-services-identity:11.0.1'
implementation 'com.google.android.gms:play-services-auth:11.0.1'
implementation 'com.google.android.gms:play-services-auth-api-phone:11.0.1'

-all of these are very outdated and the samples use deprecated classes and functions.

Issue by Bruno-Furtado
Monday Jan 07, 2019 at 22:17 GMT
Originally opened as googlearchive/android-credentials#31

It's possible to get the full phone number using the SMS Retriever API, but we can get only the country code?

• If yes.. How?
• If not.. Is there any way to extract it from the phone number?

Issue by amalChandran
Wednesday May 23, 2018 at 06:51 GMT
Originally opened as googlearchive/android-credentials#28

Device name: Nexus 5, LG
OS: 6.0.1
Android runtime: ART 2.1.0
Google play version: 12685022(Not able to update this on this phone)

I tested my implementation on the above device. It successfully starts the retriever, but I never receive any broadcast in the onReceive even after I receive the SMS.

I tried apps like Uber, etc that are using this feature on the same phone, none worked.

However, on other devices, my implementation worked as expected. On these other phones, the version of google play services is 12685025.

I tried to follow Android Passkey codelab steps.
But when trying to create new account I am receiving an error:

createPasskey failed with exception: The incoming request cannot be validated

This reproduces for both credman_codelab branch and for master branch.

Can anyone from the google team help with that?

Issue by thuan09878
Wednesday Mar 20, 2019 at 10:05 GMT
Originally opened as googlearchive/android-credentials#37

This works well with SMS from another phone but the broadcast receiver can’t read the SMS from server with the same content.

Do you have any solution for this issue?

Error - https://support.google.com/android/thread/54435386?hl=en

Solution - AutofillManager.commit() works as written in this thread.

Hi @niharika2810 and team

We have successfully implemented passkeys following the guidelines provided in the Android documentation: https://developer.android.com/training/sign-in/passkeys#kotlin.

The passkeys functionality works as expected on Android versions 13 and below. However, we encountered an issue on devices running Android 14, where users received an error message stating "Your device doesn't support credential manager."

According to the documentation, the minimum supported version for Credential Manager on Android devices is 4.4 or Android 19.

We'd like to ask you to resolve this issue quickly. Thank you.

Steps, executed on a Samsung Galaxy S23 running Android 14:

• run CredentialManagerSample app, built from current main branch
• click "SIGN UP"
• enter a username and click "Sign Up with passkey"
• when the passkey creation dialog is open, tap outside the dialog
• the dialog is closed and the app is stuck with "operation in progress" and disabled buttons

When the dialog is exited with the cancel button, the app informs with a dialog that the user cancelled.

I have integrate blockstore for my app. It is working on same device. If i uninstall or install again. I am able to get previous data which is store. But unable to get same data on other device. I am testing this on debug. Please help me here.

Issue by Drjacky
Tuesday Jun 25, 2019 at 15:35 GMT
Originally opened as googlearchive/android-credentials#40

When I use iTerm2 terminal and work with the file, it shows:

base64: invalid input

But still generating some part of a wrong certificate in hex and generating a wrong SMS Retriever hash code as well.
But when I use regular Terminal, it works well.

A sample wrong output:

➜  Desktop ./sms_retriever_hash_v9.sh --package com.example.test --keystore /path/keystore.jks

package name: com.example.test
keystore file: /path/keystore.jks

File /path/keystore.jks is found.

Enter keystore password:  password
base64: invalid input

certificate in hex: 328202c5308201ada00362010202043d1336f8300d06092a864486f70d01010b050030133111300f0603550403430853

SHA-256 output in hex: bf0ae40bf16485b2320765f3c824e263dfba8d09ec46307d6b4dd3153cfbc287

First 8 bytes encoded by base64: ywrkS/HkhbI

SMS Retriever hash code:  ywrkS/HkhbI

Machine: Mac OS 10.14.5
iTerm2 version: 3.2.9

Help , I am getting unable to sync account.

From the CredentialManagerSample App I tried to enrol with Passkeys following these steps

1. Install the CredentialManagerSample Application
2. Logout from the Google Account from the Settings and Login back again
3. Enter the userName and click Sign Up with Passkeys .
4. A pop up appears displaying Use yours screen lock for encryption.
5. Click on Use Screen Lock and next thing is another dialog showing An error occured

From the logs I am getting : createPasskey failed with exception: Unable to get sync account.
For Sign In request : getCredential failed with exception: Failed to decrypt credential.

Work Around : I need to turn On/OFF Wifi or restart the device.

Anyone faces the same issue and have any idea how to resolve it?

Device : Pixel 3
OS : Android 12

Issue by nikhil-sh
Monday Jul 10, 2017 at 08:26 GMT
Originally opened as googlearchive/android-credentials#14

I have used various methods mentioned to generated hash code. I have tried them all. Problem is each method generated different hash.

I have tried them on both the debug.keystore and release keystore.jks

here is stackoverflow question for the same

I have tried following method:
Here are those various methods:

1. linux command as describe here - help doc
2. sms_retriever_hash_v9 file present in the sample code
3. By including AppSignatureHelper from sample app.

From https://developer.android.com/training/sign-in/passkeys#passkey-endpoints

Ideally with some well known URLs and Android App Links so they open up and not via Chrome

{
  "enroll": "https://example.com/account/manage/passkeys/create"
  "manage": "https://example.com/account/manage/passkeys"
}

I am trying to sign a challenge with existing created passkey but when i pass the allowCredentials array it throws the error "No credentials available"
{ "rpId": "myrpid", "supportedCredentialKinds": [ { "kind": "Fido2", "factor": "either", "requiresSecondFactor": false }, { "kind": "RecoveryKey", "factor": "either", "requiresSecondFactor": false } ], "challenge": "", "externalAuthenticationUrl": "", "allowCredentials": { "webauthn": [ { "type": "public-key", "id": "Qp7B6Q3AtXpEg5T6eB8JXg" } ], "key": [] } }

Issue by mypplication
Monday Dec 28, 2015 at 11:25 GMT
Originally opened as googlearchive/android-credentials#6

Hello,
I see that this API supports Facebook. But how to properly use with it? there have no technique to connect in "silent" with the Facebook SDK.
Can you explain how we should use it ?

Thank you.

I am trying to implement FIDO2 on Android, and I am testing using the CredentialManager sample and code lab. However, when I click on "Sign Up with passkey", I get the following exception:

Auth com.google.credentialmanager.sample E createPasskey failed with exception: The incoming request cannot be validated

The Documentation suggests "The app's package ID is not registered with your server. Validate this in your server-side integration." However, I have the assetlinks.json hosted on my domain, and I have used the following tools to verify:

• https://developers.google.com/digital-asset-links/tools/generator
• https://digitalassetlinks.googleapis.com/v1/statements:list?source.web.site=${SOURCE_WEB_SITE}&relation=delegate_permission/common.handle_all_urls

The asset links looks like this:

[
  {
    "relation" : [
      "delegate_permission/common.handle_all_urls",
      "delegate_permission/common.get_login_creds"
    ],
    "target" : {
      "namespace" : "web",
      "site" : "${SITE}"
    }
  },
  {
    "relation" : [
      "delegate_permission/common.handle_all_urls",
      "delegate_permission/common.get_login_creds"
    ],
    "target" : {
      "namespace" : "android_app",
      "package_name" : "com.google.credentialmanager.sample",
      "sha256_cert_fingerprints" : [
        "${SHA256_CERT_FINGERPRINT}"
      ]
    }
  }
]

Any thoughts or suggestions?

There is a question about the credential management API, and the document will explain that the public key information returned by registration/login should be saved on the server. So, what exactly is the public key information stored on the server used for? I don't think there is any operation to save the public key to the server in the demo. It only relies on simulating the request JSON returned by the server to use the credential management API for login?

Issue by choxxy
Monday Dec 10, 2018 at 07:27 GMT
Originally opened as googlearchive/android-credentials#29

How does one retrieve the OTP sms sender/originator ID?

I tried to follow Android Passkey codelab steps.
I'm consistently encountering an exception error while attempting to sign up for a passkey : The incoming request cannot be validated

The asset links looks like this:

[
  {
    "relation" : [
      "delegate_permission/common.handle_all_urls"
    ],
    "target" : {
      "namespace" : "web",
      "site" : "${SITE}"
    }
  },
  {
    "relation" : [
      "delegate_permission/common.handle_all_urls",
      "delegate_permission/common.get_login_creds"
    ],
    "target" : {
      "namespace" : "android_app",
      "package_name" : "${applicationId}",
      "sha256_cert_fingerprints" : [
        "${SHA256_CERT_FINGERPRINT}"
      ]
    }
  }
]

Created a strings.xml file:

<?xml version="1.0" encoding="utf-8"?>
<resources>
    <!-- TODO -->
    <string name="asset_statements" translatable="false">
  [{
    \"https://${ourSiteDomain}/.well-known/assetlinks.json\"
  }]
  </string>
</resources>

Even added meta-data to the Manifest (tried with and without)

<meta-data android:name="asset_statements" android:resource="@string/asset_statements" />

Could someone from the Google team assist with resolving the recurring 'The incoming request cannot be validated' exception?

Adapting the sample for compose instead of fragments seems complex. I've done this before, but also made mistakes, so a compose sample would help the adoption.

I guess Compose + MAD, such as ViewModels, which complicate where you hoist auth logic and state.

Issue by iam1492
Wednesday Apr 11, 2018 at 15:19 GMT
Originally opened as googlearchive/android-credentials#27

When I trying to retrieve phone number with Credentials api some device failed to showing phone number picker dialog and just showing empty dialog and the dialog disappear quickly with sliding animation.

Below is my code sample. (And I also tried with google sample)

val hintRequest = HintRequest.Builder()
            .setPhoneNumberIdentifierSupported(true)
            .setEmailAddressIdentifierSupported(false)
            .build()
        val options = CredentialsOptions.Builder()
                .forceEnableSaveDialog()
                .build()
        val pendingIntent = Credentials.getClient(this, options).getHintPickerIntent(hintRequest)
        startIntentSenderForResult(pendingIntent.intentSender, PHONE_REQUEST, null, 0, 0, 0)

and OnActivityResult

override fun onActivityResult(requestCode: Int, resultCode: Int, data: Intent?) {
        super.onActivityResult(requestCode, resultCode, data)

        if (requestCode == PHONE_REQUEST) {
            if (data != null) {
                val credential: Credential? = data.getParcelableExtra(Credential.EXTRA_KEY)
                val phoneNumber = credential?.id
                // Some of our device fail to get phoneNumber here.
            }
        }
    }

In this case, empty popup showed up and disappear quickly with weird animation.
And no value returned in onActivityResult callback.
Even if it fails, popup will not appear and developer should know before popup is showing.
If developer can know this will happen earlier, developer can do alternative way. For example, make user type their phone number manually.
This issue is not related with Android version. Brand new phone or old phone have same issue and might be related with SIM card.(I guess..)
I saw this bug on Samsung galaxy S7, S9.(one of S9 phone we have works fine but the other not)

Thanks!