I'm trying to verify a GameCenter player on a remote server using Apple's documented method:
GKLocalPlayer generateIdentityVerificationSignatureWithCompletionHandler:
Calling this method on iOS returns, among other things, a link to this file (this file location is fairly static, and you can download it to see its contents):
https://sandbox.gc.apple.com/public-key/gc-sb.cer
This file holds the public key that must be downloaded on the server to begin the verification process for the local GameCenter player.
I am using Google App Engine for my project, which limits me to using the PyCrypto library. I am trying to import this file using these calls (I use the filename directly here for clarity):
from Crypto.PublicKey import RSA
apple_cert = urllib2.urlopen("https://sandbox.gc.apple.com/public-key/gc-sb.cer").read()
rsakey = RSA.importKey(apple_cert)
Unfortunately, this is failing with the following message:
raise ValueError("RSA key format is not supported")
From what I understand, PyCrypto is expecting a DER formatted certificate, which is what I think Apple is supplying. Does anyone know what I'm doing wrong, or can point me in the right direction? Thanks.
Also, I have setup my GAE project to use the latest version of PyCrypto, which I think is 2.6.
The process of getting GameCenter authentication working with Google App Engine is proving to be very troublesome.
As it turns out, the reason is because the file downloaded from Apple is actually an X.509 certificate. The public key has to be extracted from this certificate before it can be used. This answer is demonstrated in a similar post:
How do I use a X509 certificate with PyCrypto?
For the full solution on validating a GameCenter user using Google App Engine, see my answer in this post:
How to authenticate the GKLocalPlayer on my 'third party server'?
Related
I made an iOS app (Swift) that signs in with Google, then fetches classroom data from the (Google Classroom API) https://developers.google.com/classroom. Everything was working correctly, and then some time later I think I accidentally deleted the Google Cloud project associated with it. So I had to re-create it and recreate an OAuth Client ID (I followed this guide on Google's website).
Now I'm getting an https status code 403 error - Permission Denied while trying to fetch classes, and I have no idea why. Does anyone know how to resolve this?
I believe the specific error (according to the Google Classroom API error section, linked above) is:
...but I'm very confused what to do to fix this.
One thing that is interesting is when I created an OAuth Client ID and downloaded the credential.plist (or credentials - can't remember) file and inserted it into the Xcode project, I get the same error as when the .plist file is not there. I'm wondering if I have it named something incorrectly? (Because before I had an entire GoogleService-Info.plist file since I had an associated Firebase project), but now that I don't need the firebase project anymore, I just have the credentials in the downloaded plist file which inherently is called credentials.plist.
Edit One strange thing is that I am only trying to read data, so I don't know why it's telling me I attempted to modify data.
If you are using some of the API to manage the classwork from the students with the Classroom API, you could be affected by this alert:
This could be interpreted in a way that, all the CourseWork that was managed by the previous Client ID is basically linked to that Client ID. This also has been discussed over the public issue tracker when it comes to Classwork created from the normal UI and how it can be managed:
https://issuetracker.google.com/issues/67748271#comment8
I would suggest to also share some feedback for this feature request so it gets the attention it needs. I notice that features like this for Classroom have been approved and implemented due to the high amount of users utilizing Classroom, generally it was previously limited however it has since been getting great support.
I'm stuck on configuring Apple Login for my web app using Firebase Auth.
I did all the configuration on https://firebase.google.com/docs/auth/web/apple but cant seem to find the apple-developer-domain-association.txt file to download and host on firebase hosting.
Firebase configuration:
Services Id:
- The bundle id on the identifier page
Apple Team Id:
- Full App name
Key Code:
- The key identifier
Secret Key
- Content of key file downloaded from the developers page
With this config I get the invalid_uri on the popup when opened.
Can anyone help?
Thanks in advance.
In addition to Ruaridh's answer, make sure that the "domain" is formatted with OUT the leading "https://"
so just: YOUR_FIREBASE_PROJECT_ID.firebaseapp.com
This may seem obvious to some, but I did not see anything in any documentation that specified the format the domain needed to be in. Even Firebase and Apple support were not able to identify improper formatting as an issue in my case. I came across this solution by accident and still cannot find any official documentation of formatting.
I had been stuck on that for a while, so even if it doesn't solve your issue, hopefully it is valuable to others.
You shouldn't need to host the apple-developer-domain-association.txt on Firebase anymore - I have just implemented Sign in with Apple on a Firebase web app and it wasn't required. Apparently as long as TLS 1.2 is supported (which Firebase handles for you), it should work. Firebase docs seem to be out of date. When configuring your Service ID, it says:
Your website must support TLS 1.2 or higher.
You should just need to register https://YOUR_FIREBASE_PROJECT_ID.firebaseapp.com/__/auth/handler in the "Return URLs" when configuring the Service ID in the Apple Developer Console.
Note that Apple doesn't let you use localhost as the return uri, so I found that I couldn't test it locally either.
I am trying to hook a Xamarin project up to Google Play Services but keep receiving a SIGN_IN_REQUIRED error when calling Connect. I have read a few posts online but cannot determine what actually causes this error message.
I have setup the a game project and also setup an API with oAuth credentials. I have made sure that the same SHA key is being used in the API credentials and in the application while debugging but I am still not making any progress.
I am currently presuming that this is not a coding problem but rather something to do with the setup of the API services etc but have ran out of things to try at this point.
Firstly, to make sure your network connection is normal, you can run this demo in your network environment.developer.xamarin.com/samples/monodroid/google-services/… Donnot forget to change to clientID in string.xaml.Then , open the firebase console, find this app check the clientID if it is same with your code, and check the SHA-1 hash of your signing certificate.
I'm developing an iOS Project using a Braintree Payment roll for transaction processing. I'm using the API at SCViewController.m line 86 from the Braintree iOS Library and that code was working perfectly.
I created a new Braintree Sandbox accout and put its encryption key into our project, but now I get this error:
Problem acquiring reference to the public key, OSStatus == 0
What do I need to do to make the new encryption key work in my project?
The SampleProject is creating a VTClient object here. When that object is created, you pass in your Braintree client-side encryption key and your merchant ID.
That error is happening because you're passing in an incorrect Braintree client-side encryption key. Please make sure that you're using the correct sandbox client-side encryption key and sandbox merchant ID, which can be found logging in to the sandbox Braintree site.
Also, keep in mind that there are different client-side encryption keys and merchant IDs for sandbox vs production environments. When you create the VTClient, you can specify which environment you're working in - and ensure that you're passing in the appropriate credentials for that environment.
Braintree dev here - as a result of some recent internal upgrades, a small number of CSE keys in our sandbox were generated incorrectly. From your error message, it looks like you may have been bit by this issue.
We've regenerated keys for the affected users. If you go back to the Sandbox and copy your new CSE key, it should now work. If it doesn't, please reach out to our support (support#braintreepayments.com) directly and we'll be in touch.
Thanks,
-SP
I have a scenario where I need to implement a digital signature scenario in iPhone and web. Simply I will first generate the RSA signature in iPhone end and share the public key with the server. Also server public key will be there using the x509 certificate generated from server. I can copy that over to the iPhone folder structure. The idea of this is to use this as digital signature where server will send a message by encrypting by the servers private key and again by iPhone public key. From iPhone end it can decrypt using iPphone private key and verity that again by decrypting using server public key.
I went through the sample code provided by Apple but they are not easy to understand. And it didn't cover my requirements as well. Here are my questions.
1) Can my objective achieved?
2) Will iPhone and my server back end (Java) work together cos many forums said that it had issues cos it has DER encoding.
3) Many samples focus on installing the own certificate in iPhone key chain. Can I install the server x509 as well?
4) Any link or material which will focus on my requirement or any guidance is appreciated.