[FAQ] Summary of Frequently Asked Questions During Access to HUAWEI ID Services

HUAWEI Account Kit provides developers with a simple and secure login authorization function. Users can quickly log in to apps through HUAWEI ID without entering account numbers, passwords, and cumbersome authentication, and use apps immediately. This article collects typical problems encountered by developers when integrating HUAWEI ID services, and provides solutions, hoping to provide a reference for other developers who encounter similar problems.

1. What is the redirect_url and how to configure the callback address

(1) The callback address redirect_rul does not need to be a real page address. redirect_rul is a virtual address defined by the OAuth2.0 protocol for the following purposes. The user can configure a custom string similar to https://xxxx .
(It is best to define a meaningful string according to your own business attributes)

(2) The purpose of redirect_url in the OAuth2.0 protocol is as follows:

If it is a web application, the OAuth server will call back and jump to this address after authorization. The web application needs to intercept this callback address to receive the Auth Code. When getting the AT, the callback address should be returned as a parameter, and the OAuth server will verify that the callback address and code match, otherwise an error code will be returned.

(3) How to set redirect_url? See the official website documentation

2. What is the difference between openId and unionId?

openId: The same user, different applications, different openId values, unique within a single application.

unionId: developer account ID, the same user, different applications managed under the same developer account, have the same unionId.

The OpenId can be obtained when an application is connected to a HUAWEI ID (different applications of the same user have different OpenId values). The OpenId is used to identify the user. The same HUAWEI ID user between multiple applications will be identified as multiple users in the developer system. . If developers want to uniquely identify users among multiple applications, they can use UnionId (for the same user, different applications managed under the same developer account, the UnionId value is the same). It is important to note that the application that identifies the user's uniqueness must be managed under the same developer account. After an application is transferred to another account, the UnionId value will also change.

3. How to determine if the account is logged in?

Through the silentSignIn interface, calling onSuccess and the obtained authAccount is not empty, indicating that the callback is successful and the account is logged in.

 Task<AuthAccount> task = service.silentSignIn();
        task.addOnSuccessListener(new OnSuccessListener<AuthAccount>() {
            @Override
            public void onSuccess(AuthAccount authAccount) {
                if(null != authAccount) {
                    showLog("success ");

                }
            }
        });

4. Call the server interface user.getTokenInfo interface and report an error invalid session

(1) Check whether the parameters are correct

(2) access_token needs UrlEncode, otherwise the parsing with special symbols in it will report invalid session

Interface documentation:

https://developer.huawei.com/consumer/cn/doc/development/HMSCore-References/account-gettokeninfo-0000001050050585

5. Call the oauth2/v3/token interface, whether redirect_uri must be passed

(1) Use Authorization Code to exchange Access_Token, Refresh Token, ID Token, this parameter must be passed in

(2) Use Refresh Token to obtain a new Access Token, redirect_url does not need to be passed

Refer to the official website documentation

6. How long are the validity periods of Authorization Code, Access Token, and Refresh Token?

The validity period of the Authorization Code is 5 minutes. The code is a one-time use, and it will become invalid after the application is used once.

The validity period of the Access Token is 1 hour.

Refresh Token Token is currently valid for 180 days by default.

7. Analysis of common error codes

7.1 Error code: 907135700

This error code indicates that the invocation of the gateway to query the application scope failed. You can check the following items:

1. Check whether there is a problem with the device network. Generally, the current network is unavailable or the current network cannot access the scope download site normally, such as firewall restrictions.

2. Check whether your appId has been registered on the developer alliance

3. It may be that the time of the mobile phone is wrong, and it is mistaken that the SSL certificate has expired, so that the scope cannot be downloaded and the authentication fails.

7.2 Error code: 907135701

The error code indicates that the scope is not configured for openGW, the appid does not apply for permission, or the environment does not match the appid. You can check the following items:

1. Check whether your appId has been registered on the developer alliance

2. Check whether the app_id in the agconnect-services.json file is consistent with the appid on the AGC platform;

3. Check whether the agconnect-services.json file is in the app directory of the project. The agconnect-services.json file must be in the app directory, as shown in the following figure:

4. Check whether the appId matches the HMS spk environment, both of which are commercial or test environments

7.3 Error code: 907135702

This error code indicates that openGW does not have a fingerprint certificate configured. Please configure a fingerprint certificate on the developer alliance. You can check the following points:

1. Check whether your appId has been registered on the developer alliance

2. Whether the SHA256 fingerprint is configured on the alliance, you can refer to the official website documentation

7.4 Error code: 6003

This error code indicates that the certificate fingerprint verification does not match. It is necessary to check whether the certificate signature packaged by the current client application is consistent with the signature configured on the AppGallery Connect website.

1. Open the app's APK, unzip the "META-INF" folder, get the "CERT.RSA" file, and print the signature certificate information through the keytool -printcert -file META-INF/CERT.RSA command.

2. Log in to AppGallery Connect, click "My Projects", select the project that needs to be operated, enter the project page and select the application, and then check whether the information configured in "SHA256 Certificate Fingerprint" in "Project Settings > General" is consistent with the fingerprint in step 1) .

For certificate configuration, please refer to the official website documentation

Learn more details>>

Visit the official website of Huawei Developer Alliance
Get development guidance documents
Huawei Mobile Services Open Source Warehouse Address: GitHub , Gitee

Follow us to know the latest technical information of HMS Core for the first time~