
I have followed all the steps outlined in https://developer.android.com/google/play/integrity/setup#integrate-into-app to add Play Integrity to my Android library. I also configured the app that uses this library as documented.

Android:

// Request an integrity token bound to a server-issued nonce; the call returns a Task.
Task<IntegrityTokenResponse> task = getIntegrityManager(context).requestIntegrityToken(
    IntegrityTokenRequest.builder()
        .setCloudProjectNumber(projectNumber) // <-- from app's play console linked Google Cloud project
        .setNonce(nonce)
        .build());
// Forward the opaque token to the backend for decoding (sendTokenToServer is a placeholder).
task.addOnSuccessListener(response -> sendTokenToServer(response.token()));

Server:

import com.google.api.client.googleapis.services.GoogleClientRequestInitializer;
import com.google.api.client.http.HttpRequestInitializer;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.services.playintegrity.v1.PlayIntegrity;
import com.google.api.services.playintegrity.v1.PlayIntegrityRequestInitializer;
import com.google.api.services.playintegrity.v1.PlayIntegrityScopes;
import com.google.api.services.playintegrity.v1.model.DecodeIntegrityTokenRequest;
import com.google.api.services.playintegrity.v1.model.DecodeIntegrityTokenResponse;
import com.google.auth.http.HttpCredentialsAdapter;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.common.io.Resources;
import java.io.InputStream;

// Wrap the opaque token received from the client.
DecodeIntegrityTokenRequest decodeRequest = new DecodeIntegrityTokenRequest();
decodeRequest.setIntegrityToken(token);

// Service-account key of the backend's Google Cloud project, scoped to the Play Integrity API.
InputStream stream = Resources.getResource("credentials.json").openStream(); // <-- from service account
GoogleCredentials credentials = GoogleCredentials.fromStream(stream)
    .createScoped(PlayIntegrityScopes.PLAYINTEGRITY);
HttpRequestInitializer requestInitializer = new HttpCredentialsAdapter(credentials);
HttpTransport httpTransport = new NetHttpTransport();
GoogleClientRequestInitializer initializer = new PlayIntegrityRequestInitializer();

// JsonFactory is abstract; GsonFactory is the concrete implementation shipped with the client library.
PlayIntegrity.Builder playIntegrity = new PlayIntegrity.Builder(
        httpTransport,
        GsonFactory.getDefaultInstance(),
        requestInitializer)
    .setApplicationName("<proj name>") // <-- Google cloud project associated with server
    .setGoogleClientRequestInitializer(initializer);
PlayIntegrity play = playIntegrity.build();
// appId is the package name of the app that requested the token.
DecodeIntegrityTokenResponse response = play.v1().decodeIntegrityToken(appId, decodeRequest).execute();

But I am getting this exception from decodeIntegrityToken:

{
  "code" : 403,
  "errors" : [ {
    "domain" : "global",
    "message" : "You are not authorized to decode the requested integrity token.",
    "reason" : "forbidden"
  } ],
  "message" : "You are not authorized to decode the requested integrity token.",
  "status" : "PERMISSION_DENIED"
}

I am able to verify roles using CLI:

gcloud projects get-iam-policy <google-cloud-project-name> \
    --flatten="bindings[].members" \
    --format='table(bindings.role)' \
    --filter="bindings.members:<service-acct-name>"
ROLE
roles/iam.serviceAccountUser
roles/serviceusage.serviceUsageConsumer

1 Answer

It turned out that the Google Cloud project number I was using in the Android client (in setCloudProjectNumber()) was that of the app (the one included in google-services.json) and not the one corresponding to the project associated with the service account of the Google Cloud project used by the backend.

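The misconfiguration in the answer above can be caught before any token is exchanged: the project number passed to setCloudProjectNumber() must belong to the same Google Cloud project whose service-account key the backend uses to call decodeIntegrityToken. The following is an added pre-flight check, not code from the question, the answer or Google's libraries. It assumes the client project number is taken from the `project_info` block of a google-services.json and that the backend key is a standard service-account credentials.json (which carries a `project_id` but no project number); the two JSON documents embedded below are constructed samples reproducing the mismatch the answer describes.

```python
import json
from dataclasses import dataclass


@dataclass
class IntegrityConfigCheck:
    """Result of comparing the client's Play Integrity config with the backend's key."""
    client_project_id: str
    client_project_number: str
    server_project_id: str
    consistent: bool
    advice: str


def check_cloud_project_binding(google_services_text: str, credentials_text: str) -> IntegrityConfigCheck:
    """Compare the project the Android client will name in setCloudProjectNumber()
    (google-services.json -> project_info) with the project that owns the backend's
    service-account key (credentials.json -> project_id).

    A service-account key has no project number, so the comparison is done on
    project_id; if the ids differ, the number in google-services.json is the wrong
    one to pass to setCloudProjectNumber() and decodeIntegrityToken will return 403.
    """
    gs = json.loads(google_services_text)
    sa = json.loads(credentials_text)

    if sa.get("type") != "service_account":
        raise ValueError("credentials.json is not a service-account key")

    info = gs["project_info"]
    client_id = info["project_id"]
    client_num = str(info["project_number"])
    if not client_num.isdigit():
        raise ValueError("project_number must be numeric: %r" % client_num)
    server_id = sa["project_id"]

    consistent = client_id == server_id
    if consistent:
        advice = "setCloudProjectNumber(%s) matches the backend's project %s." % (client_num, server_id)
    else:
        advice = ("setCloudProjectNumber(%s) names project %s, but the backend decodes with a key "
                  "from project %s; use that project's number instead "
                  "(gcloud projects describe %s --format='value(projectNumber)')."
                  % (client_num, client_id, server_id, server_id))
    return IntegrityConfigCheck(client_id, client_num, server_id, consistent, advice)


def client_number_matches_backend(google_services_text: str, backend_project_number: str) -> bool:
    """Direct check once the backend project's number is known (e.g. from gcloud):
    the client must pass exactly that number to setCloudProjectNumber()."""
    num = str(json.loads(google_services_text)["project_info"]["project_number"])
    return num == str(backend_project_number)


# Constructed sample: the app's google-services.json (Firebase/app project).
SAMPLE_GOOGLE_SERVICES = json.dumps({
    "project_info": {
        "project_number": "111111111111",
        "project_id": "example-android-app",
        "storage_bucket": "example-android-app.appspot.com",
    },
    "client": [],
})

# Constructed sample: the backend's service-account key, issued in a different project.
SAMPLE_CREDENTIALS = json.dumps({
    "type": "service_account",
    "project_id": "example-backend",
    "client_email": "integrity-decoder@example-backend.iam.gserviceaccount.com",
    "private_key_id": "placeholder",
    "private_key": "-----BEGIN PRIVATE KEY-----\nplaceholder\n-----END PRIVATE KEY-----\n",
})


if __name__ == "__main__":
    result = check_cloud_project_binding(SAMPLE_GOOGLE_SERVICES, SAMPLE_CREDENTIALS)
    print(result.advice)
```

Run against the real files before deploying; when the two project ids differ, the advice line tells you which project's number to look up and put in the client. The check deliberately does not replace server-side validation of the decoded token; it only rules out the 403 caused by binding the token to the wrong project.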