search

Tkko / flutter_smart_auth

Flutter package for listening SMS code on Android, suggesting phone number, email, saving a credential.
https://pub.dev/packages/smart_auth
MIT License
43 stars 26 forks source link

Sms code retrieval is not working when the app is published on the play store #13

Open Rodgerkilzone opened 1 year ago

Rodgerkilzone commented 1 year ago

Describe the bug When I publish the app on playstore the auto sms code retrieval is not working, and I think the issue is caused by appsignature changing when its published that causes it not to detect the sms code ,because the signauture appears similar for all devices and it has a space between the appsignature string

oktaydegerli commented 11 months ago

Same issue.

Tkko commented 11 months ago

Most likely you are generating the App signature incorrectly, try to use these guides:

https://stackoverflow.com/questions/53849023/android-sms-retriever-api-computing-apps-hash-string-problem

https://www.ackee.agency/blog/sms-verification-with-retriever-api

oktaydegerli commented 11 months ago

I download deployment_cert.der and follow google's guide. Also it returns same signature when i log (Pinput: App Signature for SMS Retriever API Is:) the released app with "flutter logs"

Tkko commented 11 months ago

@oktaydegerli Can you share the example of SMS you are receiving?

oktaydegerli commented 11 months ago

"44075 dogrulama kodu ile isleminize devam edebilirsiniz. 5Qs7QEoqbMg B354"

5Qs7QEoqbMg is the appsignature for the published app. Which is generated with using deployment_cert.der.

For debug, app signature is different and it works well.

Tkko commented 11 months ago

First of all let's try this: https://stackoverflow.com/a/55017393/8119550 If this isn't working then try to compute the hash again: https://developers.google.com/identity/sms-retriever/verify#computing_your_apps_hash_string

Also a helping hand from ChatGPT

Find the Production App Signature:

  1. If you use Google Play App Signing, the app's signature in the production environment will be different from your development environment. To find the correct signature, go to your Google Play Console, navigate to your app's release management section, and look for the app signing certificate information. Hash Generation:

  2. The signature needs to be SHA-256 hash and then base64 encoded (without newline characters and padding). You can use an online tool or write a script to generate this hash from your signing certificate. Include in SMS:

  3. This hash needs to be included in the SMS message exactly as generated.