验证 Android 应用链接失败,错误代码 1024。

huangapple go评论153阅读模式
英文:

Verifying Android app links fails with error 1024

问题

The app link verification is failing because the domain unibeam.github.io is not being properly verified for your Android app com.unibeam.passkey1. This issue does not necessarily require the app to be on the Play Store to work, but there might be some configuration or verification steps that need to be addressed.

Here are some potential reasons why it might be failing:

  1. Incomplete or Incorrect Asset Links File: The assetlinks.json file you provided should accurately specify the allowed relationships between your app and the website. Make sure the file is correctly configured.

  2. Fingerprint Mismatch: Check that the SHA-256 fingerprints in the assetlinks.json file match the certificates used to sign the app. You mentioned that the fingerprints correspond to debug and release versions. Ensure that these fingerprints match the actual signing certificates.

  3. Intent Filter Configuration: The intent filter in your app's manifest.xml seems correct for handling links to http and https schemes from unibeam.github.io. However, verify that there are no conflicting intent filters or permission issues in your manifest.

  4. User Profile: The output from adb shell pm get-app-links is for user 0. Ensure that you are testing this on the correct user profile, and that the user profile you are testing on has the necessary permissions.

  5. Testing Environment: Ensure that your testing environment accurately represents the conditions under which your app will be used. Testing on a real device or emulator with the same configuration as your target users is important.

  6. Network Connectivity: Ensure that the device has a network connection when testing, as some verification may require online access.

  7. Play Store Listing (Optional): While it's not strictly necessary for app link verification to work, listing your app on the Play Store can sometimes help in ensuring that all necessary configurations are in place.

To diagnose the exact issue, you may need to review your app's configurations, certificate fingerprints, and the assetlinks.json file carefully. Double-check that the assetlinks.json file is hosted at the correct URL and that there are no issues with its accessibility.

Please note that if you make changes to your app's configurations or the assetlinks.json file, it may take some time for these changes to propagate and be recognized by the system, so be patient while testing.

英文:

I have an Android app with applicationId com.unibeam.passkey1.

At https://unibeam.github.io/.well-known/assetlinks.json, I have stored the following file:

[{
  "relation": ["delegate_permission/common.get_login_creds"],
  "target": {
    "namespace": "web",
    "site": "https://unibeam.github.io"
  }
 },
 {
  "relation": ["delegate_permission/common.get_login_creds"],
  "target": {
    "namespace": "android_app",
    "package_name": "com.unibeam.passkey1",
    "sha256_cert_fingerprints": [
      "55:E2:84:F9:9B:59:82:02:FA:2B:87:B9:90:77:8F:8D:62:3F:32:CC:76:92:47:0C:A8:73:7C:AE:11:8D:B6:0C",
      "0E:67:51:BF:E4:C4:01:7F:CB:7D:4C:1E:02:7E:DF:8D:40:25:9A:5C:20:2A:AB:96:71:15:F1:46:40:09:58:3D"
    ]
  }
 }]

The 2 fingerprints correspond to the debug and release versions of the app.

And checking at https://digitalassetlinks.googleapis.com/v1/statements:list?source.web.site=https://unibeam.github.io&relation=delegate_permission/common.get_login_creds returns no error.

Now inside the app's manifest.xml, I have the following:

<intent-filter android:autoVerify="true">
    <action android:name="android.intent.action.VIEW" />
    <category android:name="android.intent.category.DEFAULT" />
    <category android:name="android.intent.category.BROWSABLE" />
    <data android:scheme="http" />
    <data android:scheme="https" />
    <data android:host="unibeam.github.io" />
</intent-filter>

The problem is that when running adb shell pm get-app-links --user cur com.unibeam.passkey1 it fails as follows:

  com.unibeam.passkey1:
    ID: 24defbad-89a3-46d4-8446-335dfcdcd0a9
    Signatures: [0E:67:51:BF:E4:C4:01:7F:CB:7D:4C:1E:02:7E:DF:8D:40:25:9A:5C:20:2A:AB:96:71:15:F1:46:40:09:58:3D]
    Domain verification state:
      unibeam.github.io: 1024
    User 0:
      Verification link handling allowed: true
      Selection state:
        Disabled:
          unibeam.github.io

Why does it fail? Does the app need to be on PlayStore for all this to work?

答案1

得分: 2

以下是翻译好的部分:

GETTING APP LINKS WORKING

为了实现此功能,您需要在 assetlinks.json 文件中包含以下条目,如Android 文档中所述。我的一个代码示例使用了这些设置:

[
  {
    "relation": [
      "delegate_permission/common.handle_all_urls"
    ],
    "target": {
      "namespace": "android_app",
      "package_name": "com.authsamples.basicmobileapp",
      "sha256_cert_fingerprints": [
        "62:7D:06:B1:01:C6:2F:04:9A:D4:5D:17:DF:FF:AB:65:13:8E:E0:CC:F6:60:2A:F6:3A:DA:1D:19:0A:F9:DF:15"
      ]
    }
  }
]

这不需要部署到应用商店。您可以通过运行我的示例应用来验证此操作,该应用在安装时注册了深链接。我的应用使用与您的类似的清单文件。如果在模拟器上运行应用程序,然后运行以下命令:

adb shell pm get-app-links --user cur

您将看到类似以下的输出,没有 1024。有关更多基础设施详细信息,请参阅我的这篇博文

 com.authsamples.basicmobileapp:
    ID: 07f8ee96-dc1c-4df0-a7d7-2e9738902088
    Signatures: [62:7D:06:B1:01:C6:2F:04:9A:D4:5D:17:DF:FF:AB:65:13:8E:E0:CC:F6:60:2A:F6:3A:DA:1D:19:0A:F9:DF:15]
    Domain verification state:
      mobile.authsamples.com: verified
    User 0:
      Verification link handling allowed: true
      Selection state:
        Disabled:
          mobile.authsamples.com

GETTING WEBAUTHN / PASSKEY NATIVE LOGINS WORKING

这是一项较新的功能,使用FIDO 功能需要额外的注册,例如以下内容:

[
  {
    "relation": [
      "delegate_permission/common.handle_all_urls",
      "delegate_permission/common.get_login_creds"
    ],
    "target": {
      "namespace": "web",
      "site": "https://mobile.authsamples.com"
    }
  }
]

它还需要一些步骤来在应用程序内指定 asset_statements,如链接中所述。

YOUR QUESTION

在您的情况下,看起来 passkey 注册没有问题,您可以继续为用户实施 passkey 登录。您问题令人困惑的地方在于,您正在查看应用链接注册的详细信息。除非包含 handle_all_urls 值,否则这些将不起作用。

为了推进您的设置,我建议更新 assetlinks.json 为如下所示的形式,就像链接中建议的那样。即使您最初不使用它,如今任何移动应用都有支持深度链接的意义。

[
  {
    "relation": [
      "delegate_permission/common.handle_all_urls",
      "delegate_permission/common.get_login_creds"
    ],
    "target": {
      "namespace": "android_app",
      "package_name": "com.authsamples.basicmobileapp",
      "sha256_cert_fingerprints": [
        "62:7D:06:B1:01:C6:2F:04:9A:D4:5D:17:DF:FF:AB:65:13:8E:E0:CC:F6:60:2A:F6:3A:DA:1D:19:0A:F9:DF:15"
      ]
    }
  },
  {
    "relation": [
      "delegate_permission/common.handle_all_urls",
      "delegate_permission/common.get_login_creds"
    ],
    "target": {
      "namespace": "web",
      "site": "https://mobile.authsamples.com"
    }
  }
]
英文:

There seems to be two parts to your question:

GETTING APP LINKS WORKING

For this you need the assetlinks.json file to contain entries like this, as described in Android docs. A code example of mine uses these settings:

[
  {
    "relation": [
      "delegate_permission/common.handle_all_urls"
    ],
    "target": {
      "namespace": "android_app",
      "package_name": "com.authsamples.basicmobileapp",
      "sha256_cert_fingerprints": [
        "62:7D:06:B1:01:C6:2F:04:9A:D4:5D:17:DF:FF:AB:65:13:8E:E0:CC:F6:60:2A:F6:3A:DA:1D:19:0A:F9:DF:15"
      ]
    }
  }
]

This does not require deployment to the App Store. You can verify this by running my example app, which registers deep links when it is installed. My app uses a similar manifest file to yours. If you run the app on an emulator, and then this command:

adb shell pm get-app-links --user cur

You will see output like this, without the 1024. Further infrastructure details in this blog post of mine.

 com.authsamples.basicmobileapp:
    ID: 07f8ee96-dc1c-4df0-a7d7-2e9738902088
    Signatures: [62:7D:06:B1:01:C6:2F:04:9A:D4:5D:17:DF:FF:AB:65:13:8E:E0:CC:F6:60:2A:F6:3A:DA:1D:19:0A:F9:DF:15]
    Domain verification state:
      mobile.authsamples.com: verified
    User 0:
      Verification link handling allowed: true
      Selection state:
        Disabled:
          mobile.authsamples.com

GETTING WEBAUTHN / PASSKEY NATIVE LOGINS WORKING

This is a newer feature, to use FIDO capabilities, and requires additional registrations like these:

[
  {
    "relation": [
      "delegate_permission/common.handle_all_urls",
      "delegate_permission/common.get_login_creds"
    ],
    "target": {
      "namespace": "web",
      "site": "https://mobile.authsamples.com"
    }
  }
]

It also requires a couple of steps to specify asset_statements within the app, as explained in the link.

YOUR QUESTION

In your case, passkey registration looks fine, and you can proceed with implementing passkey logins for users. What is confusing about your question is that you are looking at app link registration details. These will not work unless you include the handle_all_urls value.

To progress your setup, I would update to an assetlinks.json of this form, as suggested in the link. Even though your focus may be passkey logins, it makes sense these days for any mobile app to have support for deep linking, even if you don't use it initially.

[
  {
    "relation": [
      "delegate_permission/common.handle_all_urls",
      "delegate_permission/common.get_login_creds"
    ],
    "target": {
      "namespace": "android_app",
      "package_name": "com.authsamples.basicmobileapp",
      "sha256_cert_fingerprints": [
        "62:7D:06:B1:01:C6:2F:04:9A:D4:5D:17:DF:FF:AB:65:13:8E:E0:CC:F6:60:2A:F6:3A:DA:1D:19:0A:F9:DF:15"
      ]
    }
  },
  {
    "relation": [
      "delegate_permission/common.handle_all_urls",
      "delegate_permission/common.get_login_creds"
    ],
    "target": {
      "namespace": "web",
      "site": "https://mobile.authsamples.com"
    }
  }
]

答案2

得分: 1

错误代码1024或更高表示特定于设备验证器的自定义错误代码。首先让我们了解adb返回的结果。

com.unibeam.passkey1:
ID:24defbad-89a3-46d4-8446-335dfcdcd0a9
签名:[**]
域验证状态:
第1行-> unibeam.github.io:1024
第2行-> 用户0:
第3行-> 允许处理验证链接:是
第4行-> 选择状态:
第5行-> 已禁用:
unibeam.github.io

当您运行以下命令时:

adb shell pm get-app-links --user cur com.unibeam.passkey1

第1行代表域验证过程。除了**“已验证”**之外的任何其他状态都表示无法执行域验证。域验证可能返回的完整列表在此处

对于错误1024,请确保已启用互联网连接并重新调用域验证过程。

第2行表示用户0已在系统设置中手动批准了该应用程序。

第3行表示用户0已批准了unibeam.github.io链接。

第4行表示已启用和禁用的所有应用链接。

第5行表示已禁用的应用链接;在此处,unibeam.github.io处于禁用状态。

要手动调用已安装在设备上的应用程序的域验证过程,请使用以下过程,但需要Android 12:

确保已启用互联网连接
在终端窗口中运行以下命令:

adb shell am compat enable 175408749 PACKAGE_NAME

重置设备上Android应用链接的状态,运行以下命令:

adb shell pm set-app-links --package PACKAGE_NAME 0 all

然后调用域验证过程,运行以下命令:

adb shell pm verify-app-links --re-verify PACKAGE_NAME

在查看此命令的结果之前,请等待几分钟,以便验证代理完成请求。

要查看结果,请运行以下命令:

adb shell pm get-app-links PACKAGE_NAME

我注意到您的站点以句点结尾。请确保路由以句点结尾的情况下与不以句点结尾的情况下提供相同的内容。例如:

"site": "https://unibeam.github.io."
必须通过以下方式提供相同的内容:

"site": "https://unibeam.github.io"

常见错误:
确保已设置正确的意图过滤器
确保服务器的JSON配置和SHA值正确
确保服务器端没有重定向

英文:

The Error code of 1024 or greater specifies the custom error code that's specific to the device's verifier.
Lets first understand the result returned by the adb

com.unibeam.passkey1:
    ID: 24defbad-89a3-46d4-8446-335dfcdcd0a9
    Signatures: [**]
    Domain verification state:
  line 1->    unibeam.github.io: 1024
  line 2 ->   User 0:
  line 3->    Verification link handling allowed: true
  line 4->    Selection state:
  line 5->      Disabled:
         unibeam.github.io

When you ran the command

adb shell pm get-app-links --user cur com.unibeam.passkey1 

Line 1 represent the domain verification process. Any other state than "verified" represent the domain couldn't not be performed.For complete list that domain verification can return is here.
For the error 1024, make sure you have enabled internet connection and re-invoke the domain verification process.

Line 2 represent the user 0 has manually approved the app in the system settings

Line 3 represent the user 0 has approved unibeam.github.io link

Line 4 represent the all app links that are enabled and disabled.

Line 5 represent the Disabled app links ;here unibeam.github.io is in disabled state.

To manually invoke domain verification process for an app that's installed on a device use the following procedure but you need android 12 for this
Make sure you have enabled internet connection
run the following command in a terminal window

adb shell am compat enable 175408749 PACKAGE_NAME

Reset the state of android app links on a device, run the following command in a terminal window

adb shell pm set-app-links --package PACKAGE_NAME 0 all

Then invoke the domain verification process , run the following command

adb shell pm verify-app-links --re-verify PACKAGE_NAME

Before you review the result of this command, wait a few minutes for the verification agent to finish the request.
For review result ,run the following command

adb shell pm get-app-links PACKAGE_NAME

I have noticed that your site ended with . (with the trailing period) make sure that route ended with . servers the same content as without. for Example :
"site": "https://unibeam.github.io."
must serve the same content by
"site": "https://unibeam.github.io"

Common erros :
Make sure you have setup the correct intent filter
Make sure server's json configuration and sha value is correct.
Make sure there is no redirects from server side

huangapple
  • 本文由 发表于 2023年6月19日 22:38:43
  • 转载请务必保留本文链接:https://go.coder-hub.com/76507667.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定