Set up OAuth for your Android app

The Home APIs use OAuth 2.0 to grant access to devices in the structure. OAuth allows a user to grant permission to an app or service without having to expose their login credentials.

If you already have a verified OAuth client (for example, from an already published app), you can use that client to test the Home APIs without setting up a new one. For more information, see If you have an existing OAuth client.

Sign the app

First, generate an OAuth key by running your app in Android Studio. When you run or debug an app in Android Studio, it automatically generates an OAuth key intended for development and debugging. See Android Studio: Sign your debug build for a complete explanation.

Once the app is running:

  1. Connect your mobile device to your local machine. Android Studio will list your connected devices by model number. Select your device from the list, then click Run project. This builds and installs the sample app on your mobile device.

    For more detailed instructions, see Run apps on a hardware device on the Android Developers site.

  2. Stop the running app.

  3. Get the OAuth certificate's SHA-1 fingerprint by following the instructions detailed in Setting up OAuth 2.0 / Native applications / Android on the Google Cloud Console Help site.

Set up the OAuth consent screen

  1. In the Google Cloud console, go to the project selector dashboard and select the project that you want to use to create OAuth credentials.
  2. Go to the APIs and Services page, and click Credentials in the navigation menu.
  3. If you haven't yet configured your consent screen for this Google Cloud project, the Configure consent screen button appears. In that case, configure your consent screen using the following procedure. Otherwise, move on to the next section.

    1. Click Configure consent screen. The OAuth consent screen page displays.
    2. Depending on your use case, select Internal or External, and then click Create. The OAuth consent screen pane displays.
    3. Enter information on the App information page according to the on-screen instructions, and then click Save and continue. The Scopes pane displays.
    4. You don't need to add any scopes, so click Save and continue. The Test users pane displays.
    5. If you want to add users to test access to your app, click Add users. The Add users pane displays. Test users have the privilege to grant permissions in your app.
    6. In the empty field, add one or more Google Account email addresses, and then click Add.
    7. Click Save and continue. The Summary pane displays.
    8. Review your OAuth consent screen information, and then click Back to dashboard.

See Setting up your OAuth consent screen on the Google Cloud Console Help site for full details.

Register the app and create credentials

To register the app for OAuth 2.0 and create OAuth credentials, follow the instructions provided in Setting up OAuth 2.0. You'll need to indicate the app type, which is native/Android app.

Add the SHA-1 fingerprint you got from signing the app to the OAuth client you set up on the Google Cloud console by following the instructions in Setting up OAuth 2.0 / Native applications on the Google Cloud Console Help site.
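The fingerprint registered on the OAuth client has to be the SHA-1 of the certificate that actually signs the build you run, so a check like the following catches a mismatch (for example, a debug fingerprint registered for a build signed with a different key). This is an added example, not code from the original page; the function names are hypothetical, the keystore path, alias and password are the assumed Android Studio debug defaults, and the sample keytool output is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): check that the signing
# certificate's SHA-1 matches the fingerprint registered on the OAuth client.

# Strip colons/whitespace and upper-case, so "a9:99..." equals "A999...".
normalize_fp() {
  printf '%s' "$1" | tr -d ': \t\r\n' | tr 'a-f' 'A-F'
}

# Read `keytool -list -v` output on stdin and print the first SHA1 value.
# The SHA256 line and the "Signature algorithm name" line do not match.
extract_sha1() {
  sed -n 's/^[[:space:]]*SHA1:[[:space:]]*\([0-9A-Fa-f:]*\).*$/\1/p' | head -n 1
}

# Fingerprint of the debug keystore Android Studio creates on first run.
# Assumed defaults: ~/.android/debug.keystore, alias androiddebugkey,
# store password "android". Pass another keystore path as $1 if needed.
debug_keystore_sha1() {
  keytool -list -v -keystore "${1:-$HOME/.android/debug.keystore}" \
    -alias androiddebugkey -storepass android | extract_sha1
}

# check_fp <from-keystore> <registered>: 0 = match, 1 = mismatch,
# 2 = either value is not a 20-byte (40 hex digit) SHA-1 fingerprint.
check_fp() {
  cf_a=$(normalize_fp "$1"); cf_b=$(normalize_fp "$2")
  for cf_v in "$cf_a" "$cf_b"; do
    case "$cf_v" in ''|*[!0-9A-F]*) return 2 ;; esac
    [ "${#cf_v}" -eq 40 ] || return 2
  done
  [ "$cf_a" = "$cf_b" ]
}

# Constructed keytool output for offline use; the values are made up.
sample_keytool_output() {
  cat <<'EOF'
Alias name: androiddebugkey
Certificate fingerprints:
     SHA1: A9:99:3E:36:47:06:81:6A:BA:3E:25:71:78:50:C2:6C:9C:D0:D8:9D
     SHA256: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
Signature algorithm name: SHA256withRSA
EOF
}
```

To use it against a real keystore, pass the output of `debug_keystore_sha1` as the first argument to `check_fp` and the fingerprint shown on the OAuth client as the second.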

With your mobile device connected to your local machine, select your device from the list, then click Run project again to run it. For more detailed instructions, see Run apps on a hardware device on the Android Developers site.

If you have an existing OAuth client

If you already have a verified OAuth client for a published app, you can use your existing OAuth client to test the Home APIs.

Google Home Developer Console registration is not required to test and use the Home APIs. However, you will still need an approved Developer Console registration to publish your app, even if you have a verified OAuth client from another integration.

The following considerations apply:

  • There is a 100-user limit when using an existing OAuth client. For information about adding test users, refer to Set up the OAuth consent screen. Independent of OAuth verification, there is a Home APIs-imposed limit of 100 users who can grant permissions to your application. This limitation is lifted upon completion of Developer Console registration.

  • Developer Console registration should be sent for approval when you are ready to restrict device-type grants through OAuth in preparation for updating your app with the Home APIs.

For Google Cloud apps that are still pending OAuth verification, users can't complete the OAuth flow until verification is complete. Attempts to grant permissions will fail with the following error:

Access blocked: <Project Name> has not completed the Google verification process.