diff --git a/CHANGELOG.md b/CHANGELOG.md index 60d1eeaa..3fb81847 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - [core] Fix "no native root CA certificates found" on platforms unsupported by `rustls-native-certs`. +- [core] Fix all APs rejecting with "TryAnotherAP" when connecting session + on Android platform. +- [core] Fix "Invalid Credentials" when using a Keymaster access token and + client ID on Android platform. ### Removed diff --git a/core/src/connection/handshake.rs b/core/src/connection/handshake.rs index 03b35598..c94b1fb7 100644 --- a/core/src/connection/handshake.rs +++ b/core/src/connection/handshake.rs @@ -111,7 +111,6 @@ where thread_rng().fill_bytes(&mut client_nonce); let platform = match crate::config::OS { - "android" => Platform::PLATFORM_ANDROID_ARM, "freebsd" | "netbsd" | "openbsd" => match ARCH { "x86_64" => Platform::PLATFORM_FREEBSD_X86_64, _ => Platform::PLATFORM_FREEBSD_X86, @@ -120,7 +119,12 @@ where "aarch64" => Platform::PLATFORM_IPHONE_ARM64, _ => Platform::PLATFORM_IPHONE_ARM, }, - "linux" => match ARCH { + // Rather than sending `Platform::PLATFORM_ANDROID_ARM` for "android", + // we are spoofing "android" as "linux", as otherwise during Session::connect + // all APs will reject the client with TryAnotherAP, no matter the credentials + // used was obtained via OAuth using KEYMASTER or ANDROID's client ID or + // Login5Manager::login + "linux" | "android" => match ARCH { "arm" | "aarch64" => Platform::PLATFORM_LINUX_ARM, "blackfin" => Platform::PLATFORM_LINUX_BLACKFIN, "mips" => Platform::PLATFORM_LINUX_MIPS, diff --git a/core/src/connection/mod.rs b/core/src/connection/mod.rs index 2e9bbdb4..6f2c7d44 100644 --- a/core/src/connection/mod.rs +++ b/core/src/connection/mod.rs @@ -101,7 +101,7 @@ pub async fn authenticate( let cpu_family = match std::env::consts::ARCH { "blackfin" => CpuFamily::CPU_BLACKFIN, - "arm" | "arm64" => CpuFamily::CPU_ARM, + "arm" | "aarch64" => CpuFamily::CPU_ARM, "ia64" => CpuFamily::CPU_IA64, "mips" => CpuFamily::CPU_MIPS, "ppc" => CpuFamily::CPU_PPC, diff --git a/core/src/login5.rs b/core/src/login5.rs index dca8f27e..75f739a1 100644 --- a/core/src/login5.rs +++ b/core/src/login5.rs @@ -75,6 +75,11 @@ impl Login5Manager { async fn login5_request(&self, login: Login_method) -> Result { let client_id = match OS { "macos" | "windows" => self.session().client_id(), + // StoredCredential is used to get an access_token from Session credentials. + // Using the session client_id allows user to use Keymaster on Android/IOS + // if their Credentials::with_access_token was obtained there, assuming + // they have overriden the SessionConfig::client_id with the Keymaster's. + _ if matches!(login, Login_method::StoredCredential(_)) => self.session().client_id(), _ => SessionConfig::default().client_id, };