From 7ea45c56db09d5ad3e4535de6345be1c8349b69e Mon Sep 17 00:00:00 2001 From: Jens Hassler Date: Sat, 9 Mar 2024 21:22:26 +0100 Subject: [PATCH 1/2] add instructions to use this package without Firebase There is some confusion about using this package without Firebase, especially for correctly integrating Android. Based on the following web resources: - https://github.com/flutter/flutter/issues/20903 - https://medium.com/codebrew/flutter-google-sign-in-without-firebase-3680713966fb --- .../google_sign_in/google_sign_in/README.md | 114 ++++++++++++++++++ 1 file changed, 114 insertions(+) diff --git a/packages/google_sign_in/google_sign_in/README.md b/packages/google_sign_in/google_sign_in/README.md index c5d7130ec8fc..640957948168 100644 --- a/packages/google_sign_in/google_sign_in/README.md +++ b/packages/google_sign_in/google_sign_in/README.md 
@@ -185,3 +185,117 @@ implement a more complete scope handling, as described above. Find the example wiring in the [Google sign-in example application](https://github.com/flutter/packages/blob/main/packages/google_sign_in/google_sign_in/example/lib/main.dart). + + +## Using this package without Firebase + +If you are developing an app without Firebase integration and aim to obtain the idToken (JWT) for manual handling, the following information will guide you through the process. + +### Preparation in Google Cloud Console + +In [Google Cloud Console credentials section](https://console.cloud.google.com/apis/credentials) you must register at least three new "OAuth-Client-ID credentials": + +**For Android** + +You might need more than one of these, e.g.: +- one for your development app in the PlayStore (signed with the Android keystore) +- one for your production app in the PlayStore (signed with the Android keystore) +- one for local testing (signed with AndroidStudio temporary keystore) + +For each of these register a new "Android" credential with the following information: + +- Name: For displaying purposes. E.g. use your app name with suffix "Android" and the the flavor (Dev/Prod). +- Package name: Utilize the official package ID from your AndroidManifest.xml file (e.g. "com.example.app" or "com.example.app.dev") +- SHA1 fingerprint: Obtainable with the `keytool` as documented. + + - For PlayStore deployments: + + `keytool -keystore path-to-debug-or-production-keystore -list -v` + + The path of your keystore is the one you have set in your `android/key.properties` file (storeFile). + + - For local testing: + + `keytool -list -v -keystore "$HOME/.android/debug.keystore" -alias androiddebugkey -storepass android -keypass android` + + +**For Web** (even if you don't have a web app!) + +This is apparently needed as the idToken is only delivered if you use a Client-ID of a Web-OAuth-Client. + +If you already/also have a web app, you can use the existing one. 
+If not, generate a new OAuth-ClientID for a web application. You don't need to configure anything. + +Just copy the "Client-ID" - you will need that one later. + + +**For IOS** + +For iOS you just have to give the "Bundle-ID" which is the same as the "Package name" for Android (e.g. com.example.app). + +You might also need more than one of these if you have separate flavors of your app with different Bundle-IDs. + +You will need the "Client-ID" and the "iOS URL scheme". + + +### iOS integration + +Follow only "step 6" in [these instructions](https://pub.dev/packages/google_sign_in_ios#ios-integration) and insert your "iOS URL scheme" in the CFBundleURLSchemes. + +No further steps are required here. + + +### Android integration + +This is different if you don't use Firebase. + +In your `android/app/build.gradle` file add the following lines: + +``` +dependencies { + implementation 'com.google.android.gms:play-services-auth:21.0.0' +} +``` + +In your `android/build.gradle` file modify the dependencies in the buildscript section to include the given class: + +``` +buildscript { + ... some stuff ... + dependencies { + ... some other dependencies ... + classpath 'com.google.gms:google-services:4.3.15' + } +} +``` + +### Code + +Implement the following code in your app when a user clicks the "sign in with Google" button. +Dynamically use the correct client ID based on your build to match the Client-IDs generated in the Google console. + +For Android, use the **Web** OAuth-Client-ID. + +``` +var googleSignIn = GoogleSignIn( + scopes: ['email', 'profile'], + clientId: Platform.isIOS ? "YOUR_IOS_CLIENT_ID" : null, + serverClientId: Platform.isAndroid ? "YOUR_WEB_CLIENT_ID" : null +); + +try { + final result = await googleSignIn.signIn(); + final auth = await result?.authentication; + + if (auth == null) { + // handle error + } + + String accessToken = auth.accessToken!; + String idToken = auth.idToken!; + +} catch (e) { + // handle error +} +``` + 
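Review bot: In the Dart sample under "### Code", the `if (auth == null)` branch holds only a comment and does not return, so execution falls through to `auth.accessToken!` and `auth.idToken!`; add a `return` (or throw) inside that branch so `auth` is known to be non-null afterwards. The `!` on `idToken` also turns a missing token into a runtime exception, and a missing idToken is the very failure the "For Web" paragraph describes, so test `auth.idToken == null` explicitly and report it instead. Since the section's stated goal is "manual handling" of the idToken (JWT), please add a sentence that the backend receiving it must verify the token's signature and check that its `aud` claim is one of the Client-IDs registered above before trusting it. Separately, the `classpath 'com.google.gms:google-services:4.3.15'` step adds the plugin to the buildscript but nothing in the section applies it; if it is not needed without Firebase, drop the step. Minor: the intro says "at least three" credentials without saying which three until later, "the the flavor" is doubled, and the heading reads "For IOS" while the text below it uses "iOS".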
From 1826707bbeacacb513f5d52aa04f9a0aa916698d Mon Sep 17 00:00:00 2001 From: Jens Hassler Date: Sun, 24 Mar 2024 10:00:28 +0100 Subject: [PATCH 2/2] clarification when to use Google play keys --- .../google_sign_in/google_sign_in/README.md | 34 ++++++++++++++----- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/packages/google_sign_in/google_sign_in/README.md b/packages/google_sign_in/google_sign_in/README.md index 640957948168..9c18cc199a96 100644 --- a/packages/google_sign_in/google_sign_in/README.md +++ b/packages/google_sign_in/google_sign_in/README.md 
@@ -198,25 +198,41 @@ In [Google Cloud Console credentials section](https://console.cloud.google.com/a **For Android** You might need more than one of these, e.g.: -- one for your development app in the PlayStore (signed with the Android keystore) -- one for your production app in the PlayStore (signed with the Android keystore) +- one for your development app in the PlayStore (signed with Google app signature) +- one for your production app in the PlayStore (signed with Google app signature) - one for local testing (signed with AndroidStudio temporary keystore) For each of these register a new "Android" credential with the following information: - Name: For displaying purposes. E.g. use your app name with suffix "Android" and the the flavor (Dev/Prod). - Package name: Utilize the official package ID from your AndroidManifest.xml file (e.g. "com.example.app" or "com.example.app.dev") -- SHA1 fingerprint: Obtainable with the `keytool` as documented. +- SHA1 fingerprint: - - For PlayStore deployments: - - `keytool -keystore path-to-debug-or-production-keystore -list -v` + This is a bit confusing. + Every app build is signed with a certificate. For + + - **Debug builds (local)** - The path of your keystore is the one you have set in your `android/key.properties` file (storeFile). + For debug builds this certificate comes from the Android Studio debug keystore. You can obtain the SHA1 with: - - For local testing: + `keytool -list -v -keystore "$HOME/.android/debug.keystore" -alias androiddebugkey -storepass android -keypass android` - `keytool -list -v -keystore "$HOME/.android/debug.keystore" -alias androiddebugkey -storepass android -keypass android` + - **Release builds (local)** + + When building a release version of your app it is signed with a certificate coming from the keystore you defined in `android/key.properties`. + + The SHA1 hash of this certificate will be used when you test your production build locally or when you manually distribute your APKs. 
You can obtain that one with: + + `keytool -keystore path-to-debug-or-production-keystore -list -v` + + - **Uploads to the play store** + + For apps you upload to the play store (with `flutter build appbundle`), Google signs your package again with a different certificate managed by Google. + The local certificate (in your key.properties) is only used as an "upload key". But for the OAuth stuff you need the "app signature key". You can find that one in the Google Play console of your app. + + Please refer to the details [in the official docs](https://support.google.com/googleplay/android-developer/answer/9842756). + + This is actually the most important OAuth Client you have to create as it is used by all your users downloading the app from Google Play. **For Web** (even if you don't have a web app!)
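Review bot: Under "Release builds (local)" the command still uses the placeholder `path-to-debug-or-production-keystore`, which contradicts the new split where debug builds get their own command; rename it to name the release keystore only, for example `path-to-release-keystore`. The added sentence "Every app build is signed with a certificate. For" ends in a dangling "For", and "This is a bit confusing." can be dropped. In the "Uploads to the play store" item, the Play Console labels this certificate the "app signing key", so using that term instead of "app signature key" (and instead of "Google app signature" in the list at the top) will help readers find the right SHA1; "play store" should also match the "PlayStore" / "Google Play" spelling used elsewhere in the section.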