问题
I'm trying to access a deployed appengine backend api using OAuth2.0 support from my android client.
Authentication is working fine from the api explorer using the authorised email address
On the android side, I'm using the credentials/account picker method described here: https://developers.google.com/appengine/docs/python/endpoints/consume_android
But I get a 403 status code saying the access is forbidden and the following in the appengine log when accessing from an android client:
D 12:52:53.042 Checking for id_token.
W 12:52:53.046 Audience not allowed: 901326459160-vnpoik6ebefbnhtagqns7r0qlkt31gdo.apps.googleusercontent.com
D 12:52:53.047 Checking for oauth token.
D 12:52:53.049 Oauth framework user didn't match oauth token user.
I 12:52:53.050 Access rejected from none user.
What is happeing because the web app client id has been included in the whitelist for client ids and also the android client id?....
回答1:
From the error it seems that the your application is passing the incorrect user token or to the backend API, that's why it is showing that "Oauth framework user didn't match Oauth token user. I will suggest you to check the clientID you use in your code for "Configuring Your Android client to provide credentials" on this page and see if the client ID (Android) is same as in the developer console
回答2:
I figured what was wrong.... The web client email was passed as the audience in the endpoint Api method instead of the web client id
来源:https://stackoverflow.com/questions/29667442/google-cloud-endpoint-authentication-from-my-android-client-audience-not-allowe