arcore-unity-extensions

Cloud Anchors ErrorNotAuthorized Keyless authentication

Open RamjiNextechAR opened this issue 2 years ago • 16 comments

I cannot host the cloud anchor successfully because I'm getting an ErrorNotAuthorized response. Android keyless authentication.

Unity 2021.3.0f1. Android Gradle version 6.8.

I cross-checked the SHA-1 file in the keystore and GCP; both are the same.

I don't know where I'm failing.

RamjiNextechAR avatar Aug 02 '22 12:08 RamjiNextechAR

I got the same problem. Has something changed so that it is not working with the ARCore Extensions Persistent Anchor Sample project anymore?

Dweeh avatar Aug 24 '22 15:08 Dweeh

(Sorry, this is not about keyless auth, but token auth on iOS.)

I'm getting ErrorNotAuthorized after upgrading to ARCore Extensions 1.33.0 (checked the hash to see I'm indeed using the latest release).

I'm using AR Foundation in Unity (2021.2.8f1), testing on iOS with token. I've changed the audience of the token to the new API https://arcore.googleapis.com/. Using this token, I can successfully get the cloud anchors from the Management API with an HTTP request, but the Unity package comes back with ErrorNotAuthorized when trying to host or resolve a cloud anchor.

EDIT: I seem to have fixed it. I found a version specification of the Cloud Anchors cocoapod in Assets/ExtensionsAssets/ARCoreiOSCloudAnchorDependencies which was still set to ~> 1.32.0. After I manually changed this to ~> 1.33.0, the new pod was upgraded and I got past the authentication issue. I guess merely updating the ARCore Extensions package doesn't fix this mismatch in dependency declarations.

spee avatar Aug 26 '22 08:08 spee

It's probably because you haven't updated the ARCore Extensions package within your Unity project. To do this, go to Windows -> Package Manager and update it to version 1.33.0.

Also note that the ARCore Service API was updated so you have to make those changes as well. More information in: https://developers.google.com/ar/whatsnew-arcore#whats_new_in_arcore_v1330

DevHexs avatar Aug 30 '22 15:08 DevHexs

Managed to get it to work on Android. But I am totally confused by the iOS keyless version, and there I am stuck on "ErrorNotAuthorized" again.

I do not understand how I am supposed to get the sample app to work. Do I need to manipulate the code to pass a token into the ARCore session - or... what...?

Dweeh avatar Nov 24 '22 19:11 Dweeh

The issue of authentication in iOS is more difficult, since if you want the anchors to be persistent for more than 24 hours you must generate a JWT as indicated in this section of the ARCore documentation: Docs Google ARCore for Unity

@Dweeh, considering that you are using the sample app, which is really quite out of date as well, you may just want to test the functionality with API Key. The previous link also tells you how to configure it.

DevHexs avatar Nov 24 '22 20:11 DevHexs

Thank you DevHexs for clarifying - it feels a bit better now... :)

I managed to generate a JWT - but I do not understand the signing part...

Dweeh avatar Nov 24 '22 20:11 Dweeh

You must first enable the ARCore services at ARCore API. Signature is done with a file that is delivered to you when you set up on Google Cloud Platform. It really is a complex topic, though really the docs are pretty clear, you should be able to do it with a bit of time.

Try configuring as noted and you should have no problem trying out the sample app.

DevHexs avatar Nov 24 '22 21:11 DevHexs

I did enable the ARCore API, set up a service account and downloaded the JSON, and used it to generate the JWT. I am basically a graphics person just trying to get by here... :) Even if this seems clear to you, it is causing panic attacks for someone like me ;) You mean that I use the JSON file to sign (signature?), like when making the JWT? Is signing something else that I do after I have made the JWT? Or does it mean that I just add more arguments when I make the JWT? I tried to read about signing JWTs, but I still do not understand how. So sorry for asking dumb questions - it is late and my head is spinning....

Dweeh avatar Nov 24 '22 21:11 Dweeh

Okay. We may have a data leak relevant to your issue. The file that you download from the cloud platform is your signature, which it uses to generate the JWT. It also mentions that you generated the JWT, but how did you do it?

DevHexs avatar Nov 24 '22 22:11 DevHexs

Data leak? To generate the JWT I think I installed oauth2l and ran the code sample provided in the instructions.

I tried to use the iat and exp claims as flags in that sample now - and it seems to take it... Will find out soon if it works I guess... :)

It is hard to get a grip on everything since I do not know the terms... :P

Dweeh avatar Nov 24 '22 22:11 Dweeh

Still can not get it to work.

I tried to use the long token generated with oauth2l fetch --cache "" --jwt --json $KEYFILE --audience "https://arcore.googleapis.com/"
as the token

When I validate that token at https://jwt.io/#debugger-io, I get an "invalid signature" message. The values in it seem to be OK though, so I guess I did manage to generate something from the JSON file.

I managed to find the public and private codes - and to insert them into the public and private fields at https://jwt.io/#debugger-io. I still get the "invalid signature" message though.

Am I on the right track at all? What might I be missing?

Dweeh avatar Nov 25 '22 14:11 Dweeh
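
An added example, not part of the thread or of the ARCore project: a local check of the token printed by the oauth2l command above, so the key-derived token never has to be pasted into a website. It reads the header and claims only and does not verify the signature, which would need the service account's public key; the 3600-second limit, the RS256 expectation and the sample token are assumptions of this example.

```python
import base64
import json
import time

EXPECTED_AUD = "https://arcore.googleapis.com/"  # audience used in the thread
MAX_LIFETIME = 3600  # assumed limit in seconds; confirm against the ARCore docs


def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_jwt(token, now=None):
    """Return problems found in the header and claims (signature not verified)."""
    now = time.time() if now is None else now
    parts = token.strip().split(".")
    if len(parts) != 3 or not all(parts):
        return ["not a signed JWT: expected header.claims.signature"]
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["header or claims are not base64url-encoded JSON"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["header and claims must be JSON objects"]
    problems = []
    if header.get("alg") != "RS256":
        problems.append(f"unexpected alg {header.get('alg')!r}")
    if claims.get("aud") != EXPECTED_AUD:
        problems.append(f"aud is {claims.get('aud')!r}, expected {EXPECTED_AUD!r}")
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, int) or not isinstance(exp, int):
        problems.append("iat and exp must both be integer Unix timestamps")
    else:
        if exp <= now:
            problems.append(f"expired {int(now - exp)} s ago")
        if exp - iat > MAX_LIFETIME:
            problems.append(f"lifetime {exp - iat} s exceeds {MAX_LIFETIME} s")
    return problems


def make_sample(aud, iat, exp):  # constructed demo token with a fake signature
    def enc(raw):
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = json.dumps({"alg": "RS256", "typ": "JWT"}).encode()
    claims = json.dumps({"iss": "sa@example.invalid", "aud": aud,
                         "iat": iat, "exp": exp}).encode()
    return ".".join([enc(header), enc(claims), enc(b"not-a-real-signature")])
```

An empty list from `inspect_jwt(token)` means the claims look right for ARCore, not that the signature is valid.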

Okay. Taking into account that you are using the example project, could you check what version of arcore plugins you have in the project? That is in the Windows/Package Manager/ section in Packages: In Projects. It should be 1.33.x or higher. This is the only thing I can think of that could be failing, because in version 1.33.0 the endpoint where the token verification is requested was changed.

DevHexs avatar Nov 25 '22 17:11 DevHexs

In Package Manager I can only see that I got 4.2.7. I got to install ARCore 1.33 in Xcode though.

What would be super helpful would be to know what the token is that I am supposed to provide. If I know that for sure it will be far easier to try to debug the rest.

Is it the long code that is generated by: oauth2l fetch --cache "" --jwt --json $KEYFILE --audience "https://arcore.googleapis.com/" ? or do I need to do something more with it after it is generated?

Dweeh avatar Nov 25 '22 17:11 Dweeh

Yes, that code is the token. It should be noted that it has a lifetime of 30 minutes; after that it will not work for you. OK, update and hopefully it works.

DevHexs avatar Nov 25 '22 17:11 DevHexs

But - still.... How do I make it work more than 30 minutes...?

Dweeh avatar Nov 25 '22 17:11 Dweeh

I understand that you must modify or add a parameter in the oauth2l fetch --cache "" --jwt --json $KEYFILE --audience "https://arcore.googleapis.com/", but it is an area that I do not master.

It should be noted that the nature of a JWT is to validate a service in a short fraction of time, not to be something that lasts for more than 1 hour or more.

DevHexs avatar Nov 25 '22 17:11 DevHexs

ok.... But since I am not developing something that will involve a server - that will be my only option I guess...

Thank you for your help anyway, and have a nice evening! :)

Dweeh avatar Nov 25 '22 17:11 Dweeh