[ERROR:flutter/runtime/dart_vm_initializer.cc(41)] Unhandled Exception: PlatformException(android-unhandled: androidx.credentials.TYPE_CREATE_PUBLIC_KEY_CREDENTIAL_DOM_EXCEPTION/androidx.credentials.TYPE_SECURITY_ERROR, The incoming request cannot be validated, The incoming request cannot be validated, null)

[Sarath191181208]

Running the example app seems to work fine but when I generate my own key for signing in apps or resuing the same key in a different app it shows the same error (PlatformException(android-unhandled: androidx.credentials.TYPE_CREATE_PUBLIC_KEY_CREDENTIAL_DOM_EXCEPTION/androidx.credentials.TYPE_SECURITY_ERROR, The incoming request cannot be validated). Tried various other things and saw that only the given example.keystore works for me. Any other signin using keytool isn't begin valid. The command used to generate my own keys:
keytool -genkey -v -keystore ./android/example2.keystore -keyalg RSA -keysize 2048 -validity 10000 -alias example

// android/build.gradle 
signingConfigs {
       example {
           keyAlias 'example'
           keyPassword 'example'
           storeFile file('../example.keystore')
           storePassword 'example'
       }
   }

This works but this doesn't

// android/build.gradle 
signingConfigs {
        example {
            keyAlias 'example'
            keyPassword 'example'
            storeFile file('../custom.keystore')
            storePassword 'example'
        }
    }

I am not sure if this is the issue but according to trying different things the app only throws the exception here. So, I assumed maybe the package only handles it's own key file (or) the documentation should be updated to show how to signin keys properly.

My flutter version and the build tools versions:

❮ flutter doctor --verbose
[✓] Flutter (Channel , 3.24.3, on Arch Linux 6.11.3-arch1-1, locale en_US.UTF-8)
    • Flutter version 3.24.3 on channel  at /usr/lib/flutter
    • Upstream repository https://github.com/flutter/flutter.git
    • Framework revision archlinuxaur (unknown (arch linux aur package)), 2038-01-19 03:14:08
    • Engine revision 36335019a8ea
    • Dart version 3.5.3
    • DevTools version 2.37.3

[✓] Android toolchain - develop for Android devices (Android SDK version 34.0.0)
    • Android SDK at /home/sarath/Android/Sdk
    • Platform android-34, build-tools 34.0.0
    • Java binary at: /usr/bin/java
    • Java version OpenJDK Runtime Environment (build 17.0.13+11)
    • All Android licenses accepted.

[✗] Chrome - develop for the web (Cannot find Chrome executable at google-chrome)
    ! Cannot find Chrome. Try setting CHROME_EXECUTABLE to a Chrome executable.

[✓] Linux toolchain - develop for Linux desktop
    • clang version 18.1.8
    • cmake version 3.30.5
    • ninja version 1.12.1
    • pkg-config version 2.1.1

[✓] Android Studio (version 2024.2)
    • Android Studio at /opt/android-studio
    • Flutter plugin version 82.1.3
    • Dart plugin can be installed from:
      🔨 https://plugins.jetbrains.com/plugin/6351-dart
    • Java version OpenJDK Runtime Environment (build 21.0.3+-12282718-b509.11)

[✓] Connected device (2 available)
    • RMX2081 (mobile) • 192.168.29.223:38221 • android-arm64 • Android 11 (API 30)
    • Linux (desktop)  • linux                • linux-x64     • Arch Linux 6.11.3-arch1-1

[✓] Network resources
    • All expected network resources are available.

! Doctor found issues in 1 category.

[saprahits]

I have face same issue.

[dslAnna]

我也是，将demo的包名和keystore文件放入自己建立的demo中，能正常调用；但自己的包名和keystore/jks却不行（已在Corbado后台设置>原生应用程序添加了）。作者能不能来看看，问题出在哪，该怎么办，着急[皱眉]

[atmayama]

changing rpID for the exact sub-domain where assetlinks is deployed worked for me.

[saprahits]

changing rpID for the exact sub-domain where assetlinks is deployed worked for me.

Could please you share example?

[atmayama]

changing rpID for the exact sub-domain where assetlinks is deployed worked for me.

Could please you share example?

Yes, In my case we use a auth provider. so the rpId was coming as say "example.com" but the assetlinks.json was hosted at "auth.example.com". so I manually put the rpId as auth.example.com. and then this error disappeared.

[saprahits]

changing rpID for the exact sub-domain where assetlinks is deployed worked for me.

Could please you share example?

Yes, In my case we use a auth provider. so the rpId was coming as say "example.com" but the assetlinks.json was hosted at "auth.example.com". so I manually put the rpId as auth.example.com. and then this error disappeared.

Let me check. Thanks for the support

[dslAnna]

changing rpID for the exact sub-domain where assetlinks is deployed worked for me.

为部署资产链接的确切子域更改rpID对我有效。

你能分享一个例子吗？

是的，就我而言，我们使用身份验证提供商。所以rpId是“example.com”，但assetlinks.json托管在“auth.example.com”。所以我手动将rpId设置为auth.example.com。然后这个错误消失了。

这似乎是在后端接口API的作用，我目前是还没有到达接入接口，调用就报错了。我尝试“App Links Assistant > Open Digital Asset Links”输入'/Users/username/.android/debug.keystore'才有效，自己项目中的key.keystore却校验不过，在文档“4.2安卓上的关联文件：asselinks.json”里可看到sha256_cert_fingerprints的值是插件demo中的keystore，而不是debug.keystore。我想知道这一些是如何做到的，具体应该如何配置，asselinks.json的生成是作用于依赖方接口还是全程？

[Dopeamin]

Thank you for raising this issue!

As far as i understood. The key used in the example project is tied to the assetlinks.json file hosted on our side, which allows the OS to verify the app's ownership during the passkey registration process. This verification is done by comparing the relying party ID (RP ID) and the key against the hosted assetlinks.json. Because of this, the key cannot be manually changed in the example project without breaking this linkage.

For more details on how this process works, please refer to section 5.1 of our blog post. If you'd like to avoid hosting assetlinks.json yourself, you can create a project on corbado.com and use the platform to handle this for you. This is explained in our blog post on Flutter Passkey Authentication.

If you have further questions or need additional guidance, feel free to share more details here or reach out directly. I'll close this issue due to inactivity, but you're welcome to reopen it if needed.

Thank you

[Dopeamin]

As this has been stale for the past week . i will be closing the issue so please feel free to reopen it if there are any new findings or any new issues .