Cloud endpoints authentication from android: Oauth framework user didn't match oauth token user

1
votes

I'm trying to access my appengine backend, built using cloud endpoints in python, from my android client - using authentication.

Authentication is working fine from the api explorer.

On the android side, I'm using the credentials/account picker method described here: https://developers.google.com/appengine/docs/python/endpoints/consume_android

But I get the following in the appengine log when accessing from an android client:

"Oauth framework user didn't match oauth token user."

And before that there's this warning:

"id_token verification failed: Unable to load pycrypto library. Can't verify id_token signature. See http://www.pycrypto.org for more information on"

1
androidgoogle-app-engineoauth-2.0google-cloud-endpoints
To help anybody else that might end up here - I fixed the same error (but not Android related - was rolling my own OAuth authentication) with two things: 1. Change App Engine's Google Authentication setting to "Google Accounts API", not "Google Apps Domain", and 2. Use the HTTP header 'Authorization: Bearer <access token here>" instead of the "?access_token=<access token here>" query string parameter.Joseph Mansfield

1 Answers

4
votes

When you are accessing GAE app with cloud endpoints from android client, it will be using ID tokens. So if you are getting the warning Oauth framework user didn't match oauth token user , then you must be seeing some failure in id_token verification and seeing some warning like id_token verification failed. Checking for oauth token. Please check if your endpoints.get_current_user() method is returning None in this case and then check for any errors in your authentication part.

This post explains ID tokens in detail and this post explains the limitations in knowing User_id when using ID tokens and the possible workarounds

EDIT: : Find below the final solution based on Kai Stavginski's suggestions

As suggested, oauth framework warning is seen when there is some error in id_token verification. So as per the modified question, the log has id_token verification failed: Unable to load pycrypto library This requires pycrypto library to be added to app.yaml and then id_token failure will be resolved and there will be no oauth related warning.