I've recently switched to using Google App Signing and app bundles via the developer console. Because I've let Google manage the key, that means I effectively have 2 SHA1s:
This makes sense and is fine as long as phones are getting their installs from Google. However, I also have an internal process that builds packages to give to my team independent of Google. During development, this is the primary means by which we get the app on device, and we don't want to change that process.
The problem is that if I sign these internal builds with USHA1, they will fail to authenticate with Google Play Games services, because the console expects apps to be signed with the GSHA1. If I change the config in the console client credentials to expect the USHA1 instead, I've confirmed they can suddenly auth fine, but that would mean anyone getting the app from Google instead would fail to auth.
**** APP NOT CORRECTLY CONFIGURED TO USE GOOGLE PLAY GAME SERVICES
**** This is usually caused by one of these reasons:
**** (1) Your package name and certificate fingerprint do not match
**** the client ID you registered in Developer Console.
**** (2) Your App ID was incorrectly entered.
**** (3) Your game settings have not been published and you are
**** trying to log in with an account that is not listed as
**** a test account.
I've also tried building with the Unsigned (debug) alias, but that just generates a third equally wrong SHA1 which also fails. I can't get the private key from Google because of their security. So how am I supposed to sign my app and test with GPG authentication without uploading to Google? Even if I didn't have my own distribution system for internal builds, I wouldn't want to upload a new package to Google before testing all of the functionality locally. I must be missing something obvious, can anyone help me out?
Make sure each of your Android Client IDs (one for each SHA1) are registered as a linked app in the Play Console (not only the Cloud Console), in the Games Services section.
Each linked app in the Play Console corresponds to a pair (PackageName + Signature), so if there are two signatures to link, there should be two linked apps.