Google Sign In via Credential Manager not working

[erickok]

Checklist

• [X] The issue can be reproduced in the attached sample application in the repository.
• [X] I have read the relevant SDK documentation and have not found a suitable solution or answer.
• [X] I agree to the terms within the SAP Code of Conduct.

Description

We are upgrading our apps from Gigya 6.x to 7.x. With this, we also need to switch from the in-build social providers to the separate wrapper Java classes. Normal login via email/password and via Facebook social are already working, but Google sign in is not.

We have added the GoogleProviderWrapper en ensure the server client ID is read correctly from the XML string resource. I can debug the GoogleProviderWrapper and see that it is correctly working up to the point where the getCredentialAsync is receiving an onError. Specifically, a NoCredentialException (even on the 2nd try, with setFilterByAuthorizedAccounts false). I'm not sure what can be the issue.

I have even tried to modify the code fro using a GetGoogleIdOption to using a GetSignInWithGoogleOption. With the latter, I get 1 step further, I get presented the SIgn In With Google pop-up, and get in the onResult callback and it looks to be working, but after the result is returned to Gigya I receive this error:

2024-08-09 11:52:30.854  7320-7320  GigyaSDK                be.vrt.example_audio_video           D  << ApiService *** SEND REQUEST with:
                                                                                                    {
                                                                                                      "callId": "76c23cb051abe89a7316d3242c0f6305",
                                                                                                      "errorCode": 500002,
                                                                                                      "errorMessage": "Server login error",
                                                                                                      "apiVersion": 2,
                                                                                                      "statusCode": 500,
                                                                                                      "statusReason": "Internal Server Error",
                                                                                                      "time": "2024-08-09T09:52:30.990Z",
                                                                                                      "ignoredParams": [
                                                                                                        {
                                                                                                          "paramName": "idToken",
                                                                                                          "warningCode": 403007,
                                                                                                          "message": "This parameter was not recognized as valid for this API method with your security credentials nor was it recognized as a standard Gigya control parameter."
                                                                                                        }
                                                                                                      ],
                                                                                                      "errorDetails": "500002 - Server login error"
                                                                                                    } >>

As the idToken parameter is code from your own GoogleProviderWrapper (as retrieved from GitHub releases), I seem to be blocked.

Thanks in advance for your help.

Reproduction

Empty project with Core Gigya 7.1 (via Maven), GoogleProviderWrapper.java and Google API Console project setup. It was also working fine with Core 6.1 which was using the deprecated Goole Sign In SDK instead of Credential Manager.

Additional context

No response

SDK version

7.1

[erickok]

I have also tried to downgrade to Gigya 7.0.11 with the GoogleProviderWrapper,.java from the 7.0.3 release. This also doesn't work, with a similar but different error:

2024-08-09 13:18:38.229 10711-10711 GigyaSDK                be.vrt.example_audio_video           D  << ApiService *** SEND REQUEST with:
                                                                                                    {
                                                                                                      "callId": "2c271d66efdd18f6763edf7e12fb0c24",
                                                                                                      "errorCode": 500002,
                                                                                                      "errorMessage": "Server login error",
                                                                                                      "apiVersion": 2,
                                                                                                      "statusCode": 500,
                                                                                                      "statusReason": "Internal Server Error",
                                                                                                      "time": "2024-08-09T11:18:38.393Z",
                                                                                                      "ignoredParams": [
                                                                                                        {
                                                                                                          "paramName": "code",
                                                                                                          "warningCode": 403007,
                                                                                                          "message": "This parameter was not recognized as valid for this API method with your security credentials nor was it recognized as a standard Gigya control parameter."
                                                                                                        }
                                                                                                      ],
                                                                                                      "errorDetails": "500002 - Server login error"
                                                                                                    } >>

[tal-mi]

Hi, Credentials Manager update only works on v7.1.0 with the attached version provider. It will not work with a previous provider file. Please check if there is a Google account on the device you are using. I noticed a bug in Google which will return a NoCredentialsException regardless of using setFilterByAuthorizedAccounts "false" as they instruct in the Sign In flow. Looking into it.

[erickok]

Credentials Manager update only works on v7.1.0 with the attached version provider. It will not work with a previous provider file.

Yes, I used Gigya 7.1.0 with the specific Java provider files found in the zip for that release.

Please check if there is a Google account on the device you are using.

I do. And they also show correctly on our current Gigya 6.x implementation. And they even show if I (for testing purposes) use GetSignInWithGoogleOption, so that's not the issue.

Thanks for looking into it. This is blocking us to move to Gigya 7.x. Happy to supply more debugging info if necessary.

[tal-mi]

Hi, I am still looking into this. Seems that a lot of ppl are reporting the same issue on different threads and are not getting any response from Google yet. I noticed on my test application when the keys (SHA) are set correctly, that if there is a verified Google account on the device, the error does not pop up twice and will allow the flow to continue. This is a big change because old GMS login will probably be unavailable in 2025 so this gets the highest priority. I will update ASAP.

[erickok]

Do you have any update on this? We are blocked in upgrading the Gigya SDK.

[tal-mi]

Hi,

I still looking into this. Google still fails to provide an answer to this although I notice ppl reporting this issue with credentials manager. On my system the flow currently works as expected if setup correctly and a valid Google account is setup on the device.

Hope to update soon.

[tal-mi]

Just to be clear from the changes Google provided to credentials manager.

1. First sign in attempt is made using filterByAuthorizedAccounts true so the user can choose between accounts that have already been used and given permissions.
2. If a No credentials error appears we try again by setting filterByAuthorizedAccounts false so the user can basically choose between all accounts on the device.
3. If a No credentials error appears again then it means that there is not account on the device.

Just making sure that this is the case here.

Note: there is a line missing in the GoogleProviderWrapper class in line 121 (activity.finish()). I will update the class shortly.

[erickok]

It seems that indeed that is how it is supposed to work. But even with an active account present I get the No credentials error.

[tal-mi]

That's strange indeed. I will request to increase the priority for this issue so we can resolve it as quickly as possible.

[erickok]

An update. In the end we customized your GoogleProviderWrapper to use the GetSignInWithGoogleOption class instead of GetGoogleIdOption and it is working in our debug builds.

GetSignInWithGoogleOption googleIdOption = new GetSignInWithGoogleOption.Builder(pId)
        .build();

I finally get the accounts popup and I can sign in. Great!

However it is not working in our production builds. I just get an endless spinner (on a translucent grey background). I suppose because of minification/shrinking with R8 - I will confirm that, but it is blocking us again. I do see many warnings (not errors) thrown about missing classes:

Caused by: java.lang.ClassNotFoundException: com.fwc2014.vrt.and.gigya.providers.FacebookProviderWrapper
    ... 53 more
...
Caused by: java.lang.ClassNotFoundException: com.fwc2014.vrt.and.gigya.providers.GoogleplusProviderWrapper
    ... 53 more
...
Caused by: java.lang.ClassNotFoundException: 
com.fwc2014.vrt.and.gigya.providers.WechatProviderWrapper
    ... 53 more
...
Caused by: java.lang.ClassNotFoundException: com.fwc2014.vrt.and.gigya.providers.GoogleProviderWrapper
    ... 47 more

Now obviously these classes I indeed no longer have as we use gigya.providers.GoogleProviderWrapper now and I am also not sure if this is the root cause. I don't see any other useful logging - it just hangs with the spinner.

Could you please assist us?

[erickok]

I finally figured it out. Your SDK tries to search by class name for social login provider wrappers (in the gigya.providers package) but it does not carry any consumer proguard rules. You should include Proguard rules in de SDK or developers will have a hard time understanding why it doesn't work. Especially as there is no crash but you get generic 'No credentials found' messages and otherwise just no feedback, with endless loading spinners.

This works (and probably you can write an even better rules such as keeping classes which extend from ProviderWrapper)

-keep class gigya.providers.** { *; }

[tal-mi]

Hi,

Sorry for the long delay. You are right about minification and I will make sure it is added to the Docs. The current SDK cannot support minification due to the use of reflection mechnism in its core. Therefore, the exclution in proguard is required and I will make sure it is added to the info documentation.

I will look into changing to GetSignInWithGoogleOption though my tests run correcly with the current wrapper. In any case, the nature of the wrapper design is that it can be changed and updated according to applicaiton needs. I will make sure to deep dive into it.

Thanks, Tal

[erickok]

On top of adding the proguard rules to the documentation, I suggest you add them to the consumer rules. That way, the implementing app doesn't need to provide them.