Google Service Account Json Problems

I’m trying to upload the Android APK to Google Play. I’ve created a google services account and given it the requested access. I then added the services json file into the system through the generic files storage.

I am getting this error:

Failed to create auth config from json key file, error: google: read JWT from JSON credentials: 'type' field is "" (expected "service_account")
2 Likes

Hi @lengk,

Are you sure that you followed the setup guide from the Step’s description? It seems the JSON is not a Service Account auth JSON but something else (maybe a personal one?).

I’d suggest you to generate a new one, following every step of the setup guide ( https://github.com/bitrise-steplib/steps-google-play-deploy/blob/master/step.yml#L3 ) and replace the one you uploaded.

If that wouldn’t help please copy paste the build’s bitrise.io URL and we’ll look into it ASAP! :slight_smile:

1 Like

Its quite confusing there are many ways to create service accounts. I went through the wrong one but I’ve explored a bit more and found the one that produces the right file.

I’ll update when the build has finished to let you know its worked

I manage to get the correct service account however it’s apparently not signed with the upload certificate?

https://www.bitrise.io/build/ef66ee2bc666366c

Upload apks
Failed to upload apk, error: googleapi: Error 403: APK has not been signed with the upload certificate., apkNotSignedWithUploadCertificate

Yeah, Service Account reg for Play Deploy is not a trivial process… But the step by step guide in the Step’s description should work - if there would be an issue with that just let us know! :wink:

@lengk re Play upload error:

Based on the error:

e[34;1mUpload apkse[0m
e[31;1mFailed to upload apk, error: googleapi: Error 403: APK has not been signed with the upload certificate., apkNotSignedWithUploadCertificatee[0m
|                                                                              |
+---+---------------------------------------------------------------+----------+
| e[31;1mxe[0m | e[31;1mgoogle-play-deploy@1.3.3 (exit code: 1)e[0m                       | 23 sec   |
+---+---------------------------------------------------------------+----------+
| Issue tracker: https://github.com/bitrise-io/steps-google-play-deploy/issues |
| Source: https://github.com/bitrise-io/steps-google-play-deploy               |
+---+---------------------------------------------------------------+----------+

It seems that the Keystore you uploaded to bitrise.io can not be used for Google Play deploy.

I’d suggest you to download that and try to sign an APK with that directly, then upload that APK to the Play store - you’ll get the same error.

So, in short, you have to replace the Keystore file you uploaded to bitrise.io with the one which is allowed on the Play store.

Asked around a bit and our “educated guess” is that you enabled the new “Google Play App Signing” feature (https://support.google.com/googleplay/android-developer/answer/7384423?hl=en) on Play, which requires the APK to be signed with a specific Keystore to be accepted, and you most likely did not upload that Keystore to bitrise.io

Specifically this section from the linked official guide, from the About Google Play App Signing section:

With Google Play App Signing: You sign your app with your upload key. Then, Google verifies and removes the upload key signature. Finally, Google re-signs the app with the original app signing key you provided and delivers your app to the user.

If you’d have any questions just let us know! :slight_smile:

I had the same error:

Failed to upload apk, error: googleapi: Error 403: APK has not been signed with the upload certificate., apkNotSignedWithUploadCertificate

I spent couple of hours till I realise that my file extension was .keystore not .jks

I used the following command to convert it:
keytool -importkeystore -srckeystore [MY_FILE.keystore] -srcalias [ALIAS_SRC] -destkeystore [MY_KEYSTORE.jks] -deststoretype jks -deststorepass [PASSWORD_JKS] -destalias [ALIAS_DEST]

1 Like

Thanks for reporting @predescu! I’ll create a report for the tooling team :slight_smile:

Actually @predescu, can you please copy paste a related build’s bitrise.io URL? It’d help a lot in having all the context for the fix :slight_smile: