事实是，当您签署APK并向Google要求OAuth2令牌时，必须通过开发控制台注册已签名的应用程序。这是一个基于应用程序包名称和sha1指纹的安全措施。

We're under Android (Jellybean and higher), and we've got an app which need to use OAuth2 with Google for authentication.

I simplified the login activity, but it's looking like that:

AccountManager mAccountManager;
// [...]
Account account = new Account("myEmail@gmail.com", "com.google");
// same with professional email managed by Google as myEmail@myDomain.com
// real code recovers accounts with mAccountManager.getAccountsByType("com.google")
mAccountManager = AccountManager.get(getBaseContext());
mAccountManager.getAuthToken(account, "oauth2:https://www.googleapis.com/auth/userinfo.email", null, MyActivity.this, new AccountManagerCallback<Bundle>() {
    @Override
    public void run(AccountManagerFuture<Bundle> accountManagerFuture) {
        try {
            String token = accountManagerFuture.getResult().getString(AccountManager.KEY_AUTHTOKEN);
            // exception occurs here
            // [...]
        } catch (Exception e) {
            Log.e("account", "exception occurs", e);
        }
    }
}, null);

When we call accountManagerFuture.getResult(), it fires this exception:

android.accounts.AuthenticatorException: UNREGISTERED_ON_API_CONSOLE
    at android.accounts.AccountManager.convertErrorToException(AccountManager.java:2024)
    at android.accounts.AccountManager.access$400(AccountManager.java:144)
    at android.accounts.AccountManager$AmsTask$Response.onError(AccountManager.java:1867)
    at android.accounts.IAccountManagerResponse$Stub.onTransact(IAccountManagerResponse.java:69)
    at android.os.Binder.execTransact(Binder.java:446)

I cannot find neither doc about this nor other people with the same exception, and I'm quite confused: the call to AccountManager.getAuthToken only provides an account (name and type), a scope, and a callback method, there's no parameter to specify an app or something I could customize in the dev API console.

I'm sure I'm missing something, but what?

Well, I finally figured it out. Not sure if I misread the documentation or if there are missing links, but anyway.

Fact is that when you sign a APK and then ask Google for a OAuth2 token, you have to register your signed app through the dev console. It's a security measure based on the app package name and the sha1 fingerprint.

To do that, you have to :

1. sign your APK, manually or through Gradle or whatever: the Android documentation is pretty clear on this step;
2. get your sha1 fingerprint; as mention in this SO answer, it's kind of easy on Android Studio: in the Gradle panel, select the signingReport task under your root project and run it - the SHA1 fingerprint will show in the text output;
3. register your APK through the Google dev console: create a new Credentials / OAuth client id / Android, defined by the SHA1 fingerprint you got and your APK package name.

And voila!

For information, the only official documentation I found explaining the why and how of the two final steps is here: https://developers.google.com/drive/android/auth

这篇关于UNREGISTERED_ON_API_CONSOLE，同时在Android上获得OAuth2令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！