question

Em Lazer-Walker avatar image
Em Lazer-Walker asked

Login/Link with Google - invalid_grant token issue,"invalid_grant" problems linking or logging in with Google Play Games

I'm having trouble implementing Google Play login with our game on Android. Any request sending a ServerAuthCode to PlayFab results in the dreaded invalid_grant error from Google's side. Would love some guidance here.

Some configuration things I've confirmed:

1. The bundle ID and client key / secret are correct in the PlayFab settings

2. The OAuth redirect URL on the Google console side is correctly set to our PlayFab instance

3. The client key the Android app is the web/server client key, not the auto-generated Android client one.

We're using native Android (Kotlin) rather than Unity, so our actual login code looks different from the Unity example in PlayFab's docs. We're broadly following the steps in https://developers.google.com/games/services/android/signin; here's our specific signin builder code where we request games and profile scope:

GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_GAMES_SIGN_IN)<br>    .requestProfile()<br>    .requestServerAuthCode(AdConstants.googlePlayGamesServerClientId, false)<br>    .build()

I'm logging in via a non-signed APK, with same bundle ID as production, with a Google account that's whitelisted as a tester for our Google Play Services integration.

Some red flags / areas I suspect might be the root cause:

- It's unclear to me to what extent PlayFab does or doesn't support the latest Google Play Games sign-in flows. That said, the same result happens regardless of whether I'm trying to sign in silently (googleSignInClient.silentSignIn()) or display a googleSignInClient?.signInIntent and handle the result.

- Every time I log in, I seem to get the exact same serverAuthCode. This feels like a major red flag to me.

- My actual PlayFab link/login request isn't happening in Kotlin. Our game is written in HTML5 / TypeScript — after grabbing the serverAuthCode in native code, we send that over to an embedded WebView, where the actual PlayFab network request happens in the PlayFab JS SDK. This shouldn't affect things, but perhaps worth calling out.

If it's helpful for context, our whole game is open-source. The most relevant files:

https://github.com/flappy-royale/flappy-royale/blob/master/android/app/src/main/java/com/lazerwalker/flappyroyale/GooglePlayGames.kt

https://github.com/flappy-royale/flappy-royale/blob/master/android/app/src/main/java/com/lazerwalker/flappyroyale/MainActivity.kt

There are a tons of years-old threads on here of people having broadly-similar error messages, but nothing that seems directly applicable to our situation. Any nudge in the right direction would be helpful. Cheers!

,

I'm trying to implement Google Play login in my game, but having difficulty getting a request to actually complete. Any link or login request I make appears to return a "Google API error code: invalid_grant details: Bad Request" error.

Things I've confirmed:

  1. Our PlayFab Google add-ons settings page shows the correct package ID, client ID, and secret taken from our Google console
  2. On Google's API credentials console, our web application API key has its OAuth redirect URL set to our PlayFab instance
  3. Our Android client is using the client ID for the web/server client, rather than the native Android app client ID.

We're using native Android Kotlin rather than Unity, so I can't directly compare to the example code. As such, we're broadly following the flow suggested in https://developers.google.com/games/services/android/signin.

Searching this forum, it's unclear to me whether PlayFab properly supports the new games silent login flow, but the result is the same whether we're using the serverAuthCode returned as the result of a `googleSignInClient.silentSignIn()` login or by showing a traditional login activity.

GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_GAMES_SIGN_IN)<br>    .requestProfile()<br>    .requestServerAuthCode(Constants.googlePlayGamesServerClientId, false)<br>    .build()

Any thoughts about what we could be doing wrong here? A major red flag to me is that our auth flow seems to consistently return the same single serverAuthCode on my test device, but I don't know why that would be the case. This is a local build, rather than a signed APK, but with the correct bundle ID, and my Google ID added to the testing whitelist for Google Play Games for this app.

If it's helpful to see context, our entire application is open-source. Most pertinent files:

https://github.com/flappy-royale/flappy-royale/blob/master/android/app/src/main/java/com/lazerwalker/flappyroyale/GooglePlayGames.kt

https://github.com/flappy-royale/flappy-royale/blob/master/android/app/src/main/java/com/lazerwalker/flappyroyale/MainActivity.kt

(There's a bit of indirection, as the native Android app is sending the serverAuthCode into a WebView context, where the actual link/login call happens via the PlayFab JS SDK, but it seems unlikely to me that's the source of our trouble)

Any advice would be appreciated. Thanks!

android
1 comment
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Em Lazer-Walker avatar image Em Lazer-Walker commented ·

Argh, sorry this message seems to have double-posted and have formatting issues! I can't seem to find a button to let me edit an existing question — does that exist on here?

0 Likes 0 ·

1 Answer

·
Seth Du avatar image
Seth Du answered

I am not familiar with Kotlin but according to your description, it seems there is something wrong when you authenticate with Google before the communication with PlayFab. Have you added adding the .AddOauthScope("profile") line in your configuration? In addition, the suggestion is to compare the documentation with your project: https://docs.microsoft.com/en-us/gaming/playfab/features/authentication/platform-specific-authentication/google-sign-in-unity.

3 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Em Lazer-Walker avatar image Em Lazer-Walker commented ·

Thanks for the reply! My understanding is the requestProfile() line in my builder code above is equivalent to explicitly adding the OAuth scope.

As mentioned above, I did explicitly compare the steps I was doing to that documentation. A question I still have is whether the issue might be the way I'm using the new Google Play Games flow (the GoogleSignInOptions.DEFAULT_GAMES_SIGN_IN flag in my example code), as it's not mentioned at all in that document and I see conflicting reports in this forum about whether any of the new Google Play Games auth features are supported by PlayFab.

0 Likes 0 ·
Seth Du avatar image Seth Du ♦ Em Lazer-Walker commented ·

Sorry for the late reply. I will discuss this with our team but for now, it seems GoogleSignInClient is not supported. I will keep this thread updated if there was any feedback.

0 Likes 0 ·
Seth Du avatar image Seth Du ♦ Em Lazer-Walker commented ·

After the discussion, the feedback from the team is to follow the guidance of this doc: https://developers.google.com/games/services/android/offline-access, meanwhile also make sure you are passing in the correct id to requestServerAuthCode().

In addition, the serverAuthCode should not be constant because it should be one-time use and keeps changing every time you request for one.

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.