New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The incoming request cannot be validated #51
Comments
Hi We do have a codelab for FIDO2, mostly the same steps and asset linking, did you try that as well? Also, are you still facing the issue? https://codelabs.developers.google.com/codelabs/fido2-for-android |
Also, throguh the codelab, to verify, you could once try same glitch me server and check if you are able to replicate or if there is some other issue. |
After spending two days finally i got the answer of your question. Step 1: First add your release SHA256 key with your package name into assetlinks.json file and upload it your rp (realing party website) /.well-known path Step 2: Change your build varint to release build. Step 3: Most important step is to add build flavour inside signInConfig block in build.gradle file like this signingConfigs {
} buildTypes { |
Hey, closing this. let me know if there's any other issue here :) |
@SumitProgrammer5955 I didn't quite understand if you had the problem only in debug or if it also works with the SHA256 debug key. I'm having the same problem but still in development I have the app only in debug mode. |
Hi All, i have followed through the following but still getting "The incoming request cannot be validated":
Anyone has any idea or suggestions? |
I am trying to implement FIDO2 on Android, and I am testing using the CredentialManager sample and code lab. However, when I click on "Sign Up with passkey", I get the following exception:
Auth com.google.credentialmanager.sample E createPasskey failed with exception: The incoming request cannot be validated
The Documentation suggests "The app's package ID is not registered with your server. Validate this in your server-side integration." However, I have the assetlinks.json hosted on my domain, and I have used the following tools to verify:
The asset links looks like this:
Any thoughts or suggestions?
The text was updated successfully, but these errors were encountered: