This is my code that im doing auth. I've used #react-native-firebase/auth for this. I've downloaded google-services.json file and placed in the android folder.
Now if I run the code and after entering the Phone Number It is throwing error that:
[Error: [auth/rejected-credential] The request contains malformed or mismatching credentials [ App ID does not match requested project. ]]
How to solve this?
handleSendCode = () => {
// Request to send OTP
if (this.validatePhoneNumber()) {
auth()
.signInWithPhoneNumber(this.state.phone)
.then(confirmResult => {
this.setState({ confirmResult })
})
.catch(error => {
alert(error.message)
console.log(error)
})
} else {
alert('Invalid Phone Number')
}
}
most likely this is about the issue, that when you create firebase project you must define ID of your project, like a package name. After firebase generates for you the json file that you put to your project.
So if id of project is not the same as in generated json file, there will be issue.
There are three reasons why you might be getting auth/rejected-credential error:
The google-services.json file you are using has invalid projectId. This is highly unlikely since you downloaded it from Firebase directly.
Your Firebase Project Settings is missing Android SHA certificate fingerprint that matches your certificate in Android Keystore.
Here you can find instructions how to find SHA cert fingerprint.
Firebase Projects can have many SHA fingerprints assigned, however only one project can be assigned to a SHA fingerprint.
Your Auto-generated Android API key in Google Cloud Console has SHA fingerprint restriction assigned that doesn't match the Android certificate you are using when building your application.
Hello Everyone I got the answer fro my question.
Firstly I've followed the fire base rules and I've created one project and later due to this error i have deleted that project in fiebase and created new project . But here I didn't noticed that the SHA key which is generated is already assigned to a project and for this reason i was not getting.
Now Created a new project and followed the rules and all now i got the error solved.
I am trying to add Google Sign In to my Android App. I have followed the instructions in the below link:
https://developers.google.com/identity/sign-in/android/start-integrating
I have dougle checked that all the pre-requisites are met: 1. I have API version 27, Google Play Services Version 49, Google Repository version 58. I also have created a keystore (JKS) for debug, and have the App signed (Android Studio: File --> Project Structure --> (modules) app -> then configured Signing, Flavors and Build types tabs using this keystore and the alias created. I have then created a Project in Google Cloud console, created OAuth Credential for Android and have configured the SHA1 fingerprint, and have made sure that the package name is as per the manifest file.
However, the below code always results in APIException (com.google.android.gms.common.api.ApiException: 10:, Status{statusCode=DEVELOPER_ERROR, resolution=null} ).
I have followed the code snippets as per the below link:https://developers.google.com/identity/sign-in/android/sign-in
private void handleSignInResult(Task<GoogleSignInAccount> completedTask) {
try {
GoogleSignInAccount account = completedTask.getResult(ApiException.class);
// Signed in successfully, show authenticated UI.
String k="";
} catch (ApiException e) {
// The ApiException status code indicates the detailed failure reason.
}
}
I then deleted the Android OAuth Credential in Google Cloud Console project, and then created a Web Application project and tried using the client id in my Android code, which also did not work. I got the same exception. What am I doing wrong here?
I also would like to know what is the use of the Client Secret (downloadable JSON file) showing up in my OAUth creadential in the Google cloud console project?
I also have read some articles in which it is mentioned about Google-services.json file which I have not added to my project because the Google developers documentation I have followed (mentioned above) does not mention such an activity. I also have not seen such a file in Google Cloud Console, inside my project's OAuth credentials. Am I missing something here?
You have added a debug SHA-1 key in firebase console
You need to add release SHA-1 key in firebase console
You can generate release SHA-1 key by following steps :
add signing config in gradle file
click on gradle option (located at right side of android studio)
click on :<AppName> -> android -> signingReport (double click it).
this will generate signing SHA-1 key and you can see it in Run option in android studio below tab.
Note:- There will be debug and release both SHA-1 keys will present in Run tab. You need to pick release SHA-1 key. (If you didn't find release SHA-1 key, double check that you have added release configs in app level build.gradle file).
Now you can see the release SHA-1 key in run tab
As per the documentation:
Do not include the API key anywhere in your client code.
And it is the case in our current Android app -- the API Key is nowhere included in the code. However, for the new version 3.0.0 of com.google.gms:google-services library, it started throwing error Missing api_key/current_key without it, as discussed here: Missing api_key/current key with Google Services 3.0.0.
Also, Google's config generator https://developers.google.com/mobile/add?platform=android&cntapi=gcm includes the API Key in the google-services.json file.
Is it supposed to be kept secret? Or is it safe to include it in the client app?
The google-services.json file represents the configuration for all of the services available within Firebase. There are some services that require and "Android" API key. These are the API keys that you will find in the google-services.json file. Your app may or may not use these API keys depending on the Firebase APIs your app is using.
FCM has a "Server" API key that is used to send messages, this API key is NOT the key included in the google-services.json file. The server API key should never be included in your application. The google services plugin however does look for those Android API keys at build time and that could be the reason for your error, it is not because your FCM server API key is missing.
Answering my own question.
If I create a new test project on Firebase (https://console.firebase.google.com), it also includes the API Key into
google-services.json for Android app,
GoogleService-Info.plist for iOS app,
for Web App it even recommends to include the API key into my HTML.
Taken that HTML is definitely public, I'm pretty convinced now that it's not a secret.
If you are using GCM, your Android app need not know about the API key. I just had to include an empty field for api_key in the json file for GCM to work. As mentioned in tha answer here Missing api_key/current key with Google Services 3.0.0 and Maps API key in build.gradle, I just had to add a line like below in google-services.json for GCM to work:
"api_key": [
{
"current_key": ""
}
],
I think you shouldn't include the API key, since I think only your server needs API key to authenticate with Google for requesting it to send push messages to intended recepients. It would be a risk if anyone gets hold of it. So file can look like:
{
"project_info": {
...
},
"client": [
{
"client_info": {
...
},
"oauth_client": [
{
"client_id": "yourid.whatever.com",
...
}
],
"api_key": [
{
"current_key": ""
}
],
"services": {
...
}
}
],
"configuration_version": "1"
}
Hope this helps.
I'm trying to get a user token ID using the new Google play services 8.3
and as documented I pass the server ID:
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestIdToken(getString(R.string.server_client_id))
.requestEmail()
.build();
but I'm still getting un successful result as below:
{statusCode=unknown status code: 12501, resolution=null}
and documented here GoogleSignInStatusCodes
The sign-in was cancelled by the user. i.e. the user cancelled some of the sign-in resolutions, e.g. account picking or OAuth consent.
Constant Value: 12501
That is not my case, as I already picked an account. Any idea what could be the reason?
I had exactly the same problem and i have found the solution.
If you follow the documentation found here:
https://developers.google.com/identity/sign-in/android/start-integrating
The first step tells you to create the configuration file (which creates an OAuth 2.0 client ID for you and inserts it into the google-services.json)
Then later, it says again about creating a OAuth 2.0 client ID, but this time it says that you have to do it for Web application
And this is the confusing part! (at least for me) because i was just taking the client id created for the android OAuth and not creating a new one for Web application (I thought the documentation was just redundant or something)
As it says, it is this one, and only this one the one you have to use as a parameter of the methods requestIdToken or requestServerAuthCode.
Forget about using the Android OAuth ID in this methods because then you will get all the time the ugly status code response 12501.
I think the main problem is that the documentation is a bit confusing about this. Or maybe because it is a bit strange the fact that you have to create two OAuth IDs.
So as a summary, you need TWO OAuth IDs, one for android and one for web application, and you have to set each one in the correct place.
I was struggling with this and wasted almost a week in it.
This is how I got it worked.
Import Project in AndroidStudio
Create debug keystore for project.
Create SHA1 signature for project using debug keystore.
Using SHA1 signature, register your app for Google Signin on Google Developer Console.
Generate a Google Configuration file there.(Put in Android Studio's app folder)
Use Web Client ID from OAuth 2.0 credentials in your Android Project.
Now, from Android Studio, generate debug build(APK) of your project.
Mount the device in your system -> copy this signed debug version of APK and install it.
Last three steps 6, 7 and 8, are what you actually need to take care of. If you directly run the project then APK is not actually signed with the debug keystore and google does not recognise it at all.
I had the same problem, after research solution it's resumed that server_client_id contained some incorrect value or your google_services.json didn't include oauth_client with client_id that registered with your keystore.
requestIdToken(getString(R.string.server_client_id))
R.string.server_client_id use OAuth 2.0 client ID for Web Application. And OAuth Client ID for Android use in google_services.json
Usually we use 2 keystore, 1 using debug keystore and 1 using signed keystore for published. So if we want to need in debug & publish mode, register your OAuth Client ID for Android twice, 1 using SHA1 from debug keystore and 1 from signed keystore for published.
small example in my google_services.json
"oauth_client": [
{
"client_id": "xxx-client-id.com",
"client_type": 1,
"android_info": {
"package_name": "com.app.android",
"certificate_hash": "xxxhash"
}
},
{
"client_id": "yyy.client-id.com",
"client_type": 1,
"android_info": {
"package_name": "com.app.android",
"certificate_hash": "yyyhash"
}
}
],
I was getting the same issue, it was because I created client ID of application type Android
Instead, I deleted it and created client ID of type web application and I got rid of this issue.
Just figure out how to solve this... I was getting this error while trying to run the debug version of my app... To fix it, add a credential for your debug app on the developer console and also on the google-services.json.
this fixed it for me!
I had the same problem, and I solved with the following solution:
Create configuration file (google-services.json) as described here and place in your /app project directory
(As mentioned in other answers) Using Web application Client ID for requestIdToken method.
[My main problem] Sign your app if you work on debug mode like below:
signingConfigs {
release {
storeFile file("myreleasekey.keystore")
storePassword "password"
keyAlias "MyReleaseKey"
keyPassword "password"
}
}
buildTypes {
release {
...
}
debug {
...
signingConfig signingConfigs.release
}
}
Now I got it.
So first you must follow the upper answers saying:
create a OAuth client-id for web applications in the Google Developers Console and use it in requestIdToken()
(get rid of status code 12501)
if you created a Android OAuth client-id for your production hash key, create a new Android OAuth client-id for your debug hash key and integrate it into your google-services.json.
(get rid of status code 12500)
No longer valid
And here comes the last Part:
3. you can not call requestIdToken() and requestEmail() at once. At least in my case I got rid of Result: Status{statusCode=INTERNAL_ERROR, resolution=null} by deleting requestEmail().
So good luck...
In my case, I also had to check that the debug SHA-1 was added as a valid OAuth Android client.
Use Web application as server_client_id not Android application
I had the same problem and I noticed that 12501 code was returned when my server_client_id contained some incorrect value.
Since there is no detailed message and the documentation of this error code is rather poor I don't know if your problem has the same cause as mine.
My application is based on Android code from this example (class IdTokenActivity).
To make it work I also needed to integrate Google sign-in into my app:
generated json config file with enabled Google Sign-In
added Google plugin and dependency to my gradle file
created OAuth client ID for this app and saved it in my project as server_client_id
Is your apk in debug mode? I think it only works with a signed apk.
Follow the ambiguous google's document.
Put google-services.json to your project directory
Set your gradle as https://stackoverflow.com/a/35216421/5886475
Set server_client_id in string.xml .It's your web client id not android client
A problem I had is that the SHA-1 I generated as with the incorrect alias.
The alias MUST BE androiddebugkey .
So I have put the Android OAuth ID at my google-service.json file. I have put the Web Client Id to requestIdToken().
And in my specific case, I generated the SHA-1 with androiddebugkey alias.
google-services.json:
"oauth_client": [
{
"client_id": "ANDROID OAUTH ID-.....apps.googleusercontent.com",
"client_type": 1,
"android_info": {
"package_name": "br.com.packagename",
"certificate_hash": "SHA-1 HASH"
}
},{
"client_id": "WEB CLIEND ID......apps.googleusercontent.com",
"client_type": 3
}
]
Signing part:
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestIdToken("WEB CLIEND ID......apps.googleusercontent.com")
.requestEmail()
.build();
In place of R.string.server_client_id , just use R.string.default_web_client_id .
When you copy the google-services.json file into the app, it creates this string value automatically. You don't need to copy the key from google-services.json to string.xml
It worked for me.
I solved this issue by Clicking Firebase Support in Android Studio, which may not be relevant to non-Firebase users.
Go to menu Tools->Firebase
Click Connect your app to Firebase, it will display as Connected in green once connection is successful
Click Add Firebase Authentication to your app button, it will also turn green.
NOTE: Having huge list of answers in this definitely confirm one thing. Google needs to update and keep the documentation fool proof.
If none of the above options work, do check whether you applicationId in app build.gradle is same as you package name.
Oviously first check your release sha1 key is correct or not. But if still it is not working and you ar using google play services 8.4.0 (i.e.compile 'com.google.android.gms:play-services:8.4.0'), the issue could be solved by modifying GoogleSignInOption object.
Instead of:
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestEmail()
.requestIdToken("YOUR_WEB_API_ID.apps.googleusercontent.com")
.build();
You have to use :
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestScopes(new Scope(Scopes.PLUS_LOGIN))
.requestScopes(new Scope(Scopes.PLUS_ME))
.requestEmail()
.build();
This solves error returning statusCode=INTERNAL_ERROR OR statusCode=Error 12501 OR statusCode=Error 12500.
Then this gso object could be used for creating GoogleApiClient as shown below:
mGoogleApiClient = new GoogleApiClient.Builder(this)
.enableAutoManage(this, this)
.addApi(Auth.GOOGLE_SIGN_IN_API,gso)
// .addApi(Plus.API, null)
.addConnectionCallbacks(this)
.addOnConnectionFailedListener(this)
// .addScope(Plus.SCOPE_PLUS_LOGIN)
.build();
Don't know why but SHA1 in android studio is changed automatically and that's why I am getting this error. To solve this I updated the SHA1 of my firebase project settings with the new SHA1 of my android studio and it started working again.
In my case, my Credentials for Client ID for Android on Google APIs Console only contained the SHA-1 for my release signed APK. Android Studio was using the default debug keystore to sign my debug builds, and in that case the debug keystore SHA-1 did not match the Android client SHA-1 online. My solution was to simply sign the debug builds with the release keystore.
In Android Studio, Build/Edit Build Types..., then select your debug build type and make sure Signing Config is set to your release certificate.
Try following these steps:
Clone the following project https://github.com/googlesamples/google-services
Follow the guide at https://developers.google.com/identity/sign-in/android/start
Use Web client (auto created by Google Service) and add it in requestIdToken(...)
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestEmail()
.requestIdToken("YOUR_WEB_API_ID.apps.googleusercontent.com")
.build();
Make sure you are using the same keystore used which is added to Google project. For instance, if you have used the following command to generate SHA-1 key
keytool -exportcert -list -v -alias androiddebugkey -keystore ~/.android/debug.keystore
Then add the following code in app/build.gradle file inside android { ... } [Solved my problem]
signingConfigs
{
debug
{
storeFile file("/home/ashwin/.android/debug.keystore")
storePassword "android"
keyAlias "androiddebugkey"
keyPassword "android"
}
}
buildTypes
{
release
{
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
debug
{
signingConfig signingConfigs.debug
}
}
Note: Your keyPassword and keyAlias should be the same used during generation of SHA-1 certificate.
If you are using the debug keystore to build the project, you need to add the SHA-1 fingerprint of debug.keystore on Firebase Console.
On your Firebase Console, open your Project
Go to Parameters. Tab General
At the end of this page, there is a field to add a Fingerprint SHA-1
Paste the SHA-1 in the console field.
To obtain SHA-1 of debug.keystore :
Mac/Linux :
keytool -exportcert -list -v -alias androiddebugkey -keystore ~/.android/debug.keystore
Windows :
keytool -exportcert -list -v -alias androiddebugkey -keystore %USERPROFILE%\.android\debug.keystore
https://developers.google.com/android/guides/client-auth
That's all !
I had the same problem and error 12501 and non of of above did work for me.
My problem was I using google Default web api that generated for me. after creating my own web api error disappeared and worked fine!
these are working steps:
first I created SHA1 debug key and add to Firebase console. creating SHA1 from here.
create both web api and android OAuth 2.0 client ID from here
get generated google-service.json from Firebase console and put in app folder.
put this code for GoogleSignnOption
like this:
gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN).requestIdToken
("put the web app client Id that get from the link in developer console ")
.requestEmail().build();
tip 1: I find out that you should create both android and web app Client Id to work.
tip 2: if you from Iran like me you can get the user from google but you can not AuthWithGoogle and result will fail in auth.signInWithCredential(credential) and you had to use some proxy for returning true.
this is the working full source of FireBaseAuthDemo in github:
hope help full
I had this problem too, after following Google's instructions for Automatically signing your app. If you are using this method to sign your apps, you will need to include the generated keystore fingerprint in your API credentials.
On the project browser, right click on your app and select Open Module
Settings.
I found it less confusing to put the .jks file in my project's /app directory. In any case run this line on it.
keytool -list -v -keystore /home/user/keystores/android.jks
You will be prompted for a password. Not sure if it's the Key Password or Store Password because mine are the same. :|
The console will spit out a bunch of certificate fingerprints. Take the SHA1 one and punch it into your API credentials at the Google API Developer's Console. You will need to enter it for the Android client OAuth 2.0 client IDs even though you don't actually use that client_id in your app. If you are using other APIs for android, put the same SHA1 in the appropriate key credentials under API keys too.
Here is a new one. I was trying for 6 hours to login on the emulator with the id from my corporate Google Apps domain, to no avail, getting 12501 errors. On a hunch, I tried my personal gmail id and it worked. Ditto if I tried on my phone with my corporate id. It turns out the emulator did not have the proper Mobile Device Management settings to allow my corporate id to login.
So If I want to test on the emulator with this corporate id, I have to install Google Play Store, then the MDM software, and configure it.
From my weird experience with this error, I can say that you also need to try to reboot your phone in order to get rid of this error :)
I was implemented Google Sign In using G Suite accounts which have a device policy assigned via Google Admin. So on the first sign in it was requiring to install Device Policy app. After all later steps completed, it was just throwing 12501 error. Same time the same app was working fine on other phones. So only reboot helped. But helped
Though already many upvoted answers exist in this question, I struggled to understand the logic.
So, I come up with my research.
Create a app using correct package name & Signing-certificate fingerprint SHA-1 https://developers.google.com/mobile/add?platform=android&cntapi=signin
Enable google sign-in
Generate the configuration file.
To get SHA-1, run this in terminal:
keytool -exportcert -keystore path-to-debug-or-production-keystore -list -v
About OAuth 2.0 client IDs
OAuth for the web (In app this is used as server_client_id)
OAuth for android (This needs to be created using correct package name & Signing-certificate fingerprint SHA-1).
If you are using the different keystore for debug & release, you need to create separate OAuth 2.0 client IDs using respective package name & SHA-1.
You can create or edit your OAuth 2.0 client IDs here https://console.developers.google.com/apis/credentials?project=
Navigating to your app.
If you already have a OAuth for Android, click in its name & check the package name & SHA-1.
We can use the same keystore for both debug & release by saving the keystore details in global(local, not inside project) gradle.properties & getting it in build.gradle as below.
def key_alias = ""
def key_password = ""
def store_file = ""
def store_password = ""
try {
key_alias = YOUR_KEY_ALIAS
key_password = YOUR_KEY_PASSWORD
store_file = YOUR_KEYSTORE_PATH
store_password = YOUR_KEYSTORE_PASSWORD
} catch (Exception exception) {
throw new IllegalStateException('Failed to find key store details. Social Login is disabled');
}
android {
signingConfigs {
config {
keyAlias key_alias
keyPassword key_password
storeFile file(store_file)
storePassword store_password
}
}
buildTypes {
debug {
signingConfig signingConfigs.config
// ...
}
release {
signingConfig signingConfigs.config
// ...
}
}
}
You can use below snippet
#Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
super.onActivityResult(requestCode, resultCode, data);
if (requestCode == REQUEST_CODE_GOOGLE_SIGN_IN) {
GoogleSignInResult result = Auth.GoogleSignInApi.getSignInResultFromIntent(data);
if (result.isSuccess()) {
// ...
} else if (result.getStatus().getStatusCode() == CommonStatusCodes.NETWORK_ERROR) {
// No internet connection
} else if (result.getStatus().getStatusCode() == CommonStatusCodes.DEVELOPER_ERROR) {
// Wrong server OAuth key(server_client_id)
} else if (result.getStatus().getStatusCode() == 12501) {
// Wrong app signing-certificate fingerprint SHA1
} else {
Log.e("Google sign in error", result.getStatus().toString());
}
}
}
Note: If you enabled only Google Sign-In when you generated the configuration file, you need not to add the google-servies.json file in your project.(generating the file performs the necessary configuration steps).
1.Specify signingConfigs in your gradle file
signingConfigs {
config {
keyAlias 'appalias'
keyPassword 'hunter123'
storePassword 'hunter123'
storeFile file('path/to/keystore.jks')
}
}
2.Go to Build Types in Project Structure (in Android Studio) and specify signingConfigs to "config"
Now clean your project and build again. It should work.
If the above doesn't work then below is your last resort.
Try step one and build and check. If it's not working go to next step and try to build again.
Build a signed apk (With remember password checked).
Before signing check the filename of the keystore file and the one yo give in while signing the apk (in android studio).
Install the signed apk in your device.
Wait for five minutes.
Try singing in to google. If still 12501 is coming wait five more minutes. While doing that hit gradle sync.
Try again. It should work.
I have same problem too, Was resolved as follows:
I was made to delete the SHA1 previously thought and create and set new SHA1.
generate new google-services.json and set into my app directory
I was use exactly google developer codes
my result.isSucces() returned true after running the project
as summary, delete old sha1 and create new sha1 and download new google-services.json
I was facing the same 12501 status error. This is due to SHA-1 mismatch of release APK and debug APK.
Make a signed APK. To sign an APK, choose existing path of the keystore you have used for creating SHA-1. e.g. /.android/debug.keystore
Give alias-name : androiddebugkey
storepass and keypass : android.
I have developed lib to Add Google SignIn option in your app with just few lines of code. Try HiGoogle- Google SignIn Made Easy
Use Web application as server_client_id not Android application. Pass it in the HiGoogle constructor.