1

I've been working as a consultant on an Android project that uses Google oAuth2 to authenticate and identify it's users. The Android project is in production and available for download on Google Play. The oAuth client ids and the entire Google API project was setup by me using a Google Apps e-mail address setup in my name on the client's domain.

Since the project has been released and my work with the client is finished my e-mail address has been deactivated and subsequently deleted (or so it seems, the client claims to not being able to recreate it). Since my e-mail account was set as the owner of the API project the deletion of my e-mail address has resulted in the deactivation (or deletion) of the API project as well. This has of course seriously crippled the app in question.

To get things up and running again a new e-mail address was set up for me on the client's domain and I created a new API project. The problem is that I'm unable to create the oAuth client ids since the packagename and SHA1 key are the same as for the app already live. I get the "This client ID is globally unique and is already in use" message and I seem to be stuck in a very awkward situation. I see a couple of possible solutions but I'm not sure how to proceed:

  1. Reactivate the original e-mail address in the hope that the API project is still linked to that account

  2. Reactivate the Google API project with the help of a Google engineer and assign it to an e-mail account on the client's domain

  3. Delete the client ids from some Google database with the help of a Google engineer and setup a new API project and release a new version of the app.

  4. Worst case: accept the loss, change package name, release a new app and kindly ask users to migrate to the new app.

I've read that Google monitors the google-oauth tag here on SO and I hope to get some help either from the SO community or Google itself. Many thanks in advance!

britzl
  • 10,132
  • 7
  • 41
  • 38

1 Answers1

2

In the future, please coordinate for long-term ownership of the project, since the Google accounts that own the project are an important aspect of Google's authorization system. For instance, the owner of the project signs ToS for accessing the APIs on behalf of users.

I will follow up with you to find a way to sort out this issue.

breno
  • 3,226
  • 1
  • 22
  • 13
  • Thanks! I was almost certain that I had added another project owner than myself, but apparently not. The fault is entirely my own and I've learnt a lesson. I know for a fact that there was at least one more person added as a team member (not owner though). The guy was a server dev and he needed access to get some ids/keys to use on the server to validate auth tokens. Anyway, you can get in touch with me via e-mail if needed: bjorn dot ritzl at gmail dot com – britzl Sep 30 '13 at 18:05
  • I find it very frustrating to be promised to be contacted and then nothing! On the other hand Breno hasn't been online since answering my question and I'm starting to fear that something has happened to him... – britzl Oct 07 '13 at 22:21