Skip to content
This repository has been archived by the owner on Dec 8, 2022. It is now read-only.

Question to oauth2 - invalid_scope #682

Open
AndroidJVCDER opened this issue Jun 24, 2015 · 6 comments
Open

Question to oauth2 - invalid_scope #682

AndroidJVCDER opened this issue Jun 24, 2015 · 6 comments

Comments

@AndroidJVCDER
Copy link

Hallo everybody :-)

I tried to fork your project to use some parts of the code.Currently I have a new packagename in my project.
I got an" com.google.android.gms.auth.GoogleAuthException: INVALID_SCOPE" exception
here:

oauthLoginToken = GoogleAuthUtil.getTokenWithNotification(AndlyticsApp.getInstance(), accountName, OAUTH_LOGIN_SCOPE, null);

If I use the andlytics packagename everything goes right.

Do I have to add something to the developer console or even do somehting special with apk signing?

Thank you so much :-)
@nelenkov
Copy link
Contributor

I think you need to create a new client ID for your application in Google's developer console. You need to use your own package name and signing certificate hash.

https://console.developers.google.com

@AndroidJVCDER
Copy link
Author

thank you for answering:)

I actually did, but there is no permission for the scope: oauth2:https://www.google.com/accounts/OAuthLogin

What kind of config, permission should I add there?

@nelenkov
Copy link
Contributor

Not sure what you are doing, but the only two fields in the 'Create Client ID' dialog are 'package name' and 'signing certificate fingerprint'. You don't need any permissions.

@AndroidJVCDER
Copy link
Author

I exactly did this, but always invalid scope on different devices... :-(
Did you create two client ids, one for debug and one for release? I asked myself, why I could get a token with andlytics code without signing with your keystore or even if I used the packagename with totally different signing. Is this an security issue?!

Maybe someone has an idea how solve this?
I am confused..

@nelenkov
Copy link
Contributor

Yes, there are debug and release Client IDs. oauth2:https://www.google.com/accounts/OAuthLogin is not a 'real' scope, it just gives you a token so you can access other services, so you shouldn't need to register. I think the client ID is only used for the AdSense API, you shouldn't need one for anything else, but something might have changed on Google's side. Did you change anything else?

@AndroidJVCDER
Copy link
Author

I did not change anything. Only the package name of andlytics for tryouts ...and after I got this exception.
Can we get in private contact? I would like to pay you for your help :-)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nelenkov @AndroidJVCDER