Develop Reference

Application crashes when using google login plugin firebase [duplicate]

I am trying to integrate Google Sign In into my app. I don't have a back-end server, I am just getting the details of the logged on Google Account to my app.
I first tried it by using Google Sign In Example but I got an error (No code changes made except for printing the stacktrace below). I just used the example SignInActivity as I don't have a back-end server.
Exception com.google.android.gms.common.api.ApiException: 12500:
at com.google.android.gms.common.internal.zzb.zzz(Unknown Source)
at com.google.android.gms.auth.api.signin.GoogleSignIn.getSignedInAccountFromIntent(Unknown Source)
at com.ewise.android.api.MainActivity.onActivityResult(SignInActivity.java:89) at android.app.Activity.dispatchActivityResult(Activity.java:7010)
at android.app.ActivityThread.deliverResults(ActivityThread.java:4187)
at android.app.ActivityThread.handleSendResult(ActivityThread.java:4234)
at android.app.ActivityThread.-wrap20(ActivityThread.java)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1584)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:154)
at android.app.ActivityThread.main(ActivityThread.java:6316)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:872)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:762)
Code
public class SignInActivity extends AppCompatActivity implements
View.OnClickListener {
private static final String TAG = "SignInActivity";
private static final int RC_SIGN_IN = 9001;
private GoogleSignInClient mGoogleSignInClient;
private TextView mStatusTextView;
#Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
// Views
mStatusTextView = findViewById(R.id.status);
// Button listeners
findViewById(R.id.sign_in_button).setOnClickListener(this);
findViewById(R.id.sign_out_button).setOnClickListener(this);
findViewById(R.id.disconnect_button).setOnClickListener(this);
// [START configure_signin]
// Configure sign-in to request the user's ID, email address, and basic
// profile. ID and basic profile are included in DEFAULT_SIGN_IN.
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestEmail()
.build();
// [END configure_signin]
// [START build_client]
// Build a GoogleSignInClient with the options specified by gso.
mGoogleSignInClient = GoogleSignIn.getClient(this, gso);
// [END build_client]
// [START customize_button]
// Set the dimensions of the sign-in button.
SignInButton signInButton = findViewById(R.id.sign_in_button);
signInButton.setSize(SignInButton.SIZE_STANDARD);
signInButton.setColorScheme(SignInButton.COLOR_LIGHT);
// [END customize_button]
}
#Override
public void onStart() {
super.onStart();
// [START on_start_sign_in]
// Check for existing Google Sign In account, if the user is already signed in
// the GoogleSignInAccount will be non-null.
GoogleSignInAccount account = GoogleSignIn.getLastSignedInAccount(this);
updateUI(account);
// [END on_start_sign_in]
}
// [START onActivityResult]
#Override
public void onActivityResult(int requestCode, int resultCode, Intent data) {
super.onActivityResult(requestCode, resultCode, data);
// Result returned from launching the Intent from GoogleSignInClient.getSignInIntent(...);
if (requestCode == RC_SIGN_IN) {
// The Task returned from this call is always completed, no need to attach
// a listener.
Task<GoogleSignInAccount> task = GoogleSignIn.getSignedInAccountFromIntent(data);
handleSignInResult(task);
}
}
// [END onActivityResult]
// [START handleSignInResult]
private void handleSignInResult(Task<GoogleSignInAccount> completedTask) {
try {
GoogleSignInAccount account = completedTask.getResult(ApiException.class);
// Signed in successfully, show authenticated UI.
updateUI(account);
} catch (ApiException e) {
// The ApiException status code indicates the detailed failure reason.
// Please refer to the GoogleSignInStatusCodes class reference for more information.
Log.w(TAG, "signInResult:failed code=" + e.getStatusCode());
e.printStackTrace();
updateUI(null);
}
}
// [END handleSignInResult]
// [START signIn]
private void signIn() {
Intent signInIntent = mGoogleSignInClient.getSignInIntent();
startActivityForResult(signInIntent, RC_SIGN_IN);
}
// [END signIn]
// [START signOut]
private void signOut() {
mGoogleSignInClient.signOut()
.addOnCompleteListener(this, new OnCompleteListener<Void>() {
#Override
public void onComplete(#NonNull Task<Void> task) {
// [START_EXCLUDE]
updateUI(null);
// [END_EXCLUDE]
}
});
}
// [END signOut]
// [START revokeAccess]
private void revokeAccess() {
mGoogleSignInClient.revokeAccess()
.addOnCompleteListener(this, new OnCompleteListener<Void>() {
#Override
public void onComplete(#NonNull Task<Void> task) {
// [START_EXCLUDE]
updateUI(null);
// [END_EXCLUDE]
}
});
}
// [END revokeAccess]
private void updateUI(#Nullable GoogleSignInAccount account) {
if (account != null) {
mStatusTextView.setText(getString(R.string.signed_in_fmt, account.getDisplayName()));
findViewById(R.id.sign_in_button).setVisibility(View.GONE);
findViewById(R.id.sign_out_and_disconnect).setVisibility(View.VISIBLE);
} else {
mStatusTextView.setText(R.string.signed_out);
findViewById(R.id.sign_in_button).setVisibility(View.VISIBLE);
findViewById(R.id.sign_out_and_disconnect).setVisibility(View.GONE);
}
}
#Override
public void onClick(View v) {
switch (v.getId()) {
case R.id.sign_in_button:
signIn();
break;
case R.id.sign_out_button:
signOut();
break;
case R.id.disconnect_button:
revokeAccess();
break;
}
}
}
From what I read, the issue could be caused by SHA1 Generation.
I followed the complete guide but apparently it's not working.
I copied the SHA1 from gradle signingReport
Variant: debug
Config: debug
Store: /Users/user/.android/debug.keystore
Alias: AndroidDebugKey
MD5: A3:16:3F:43:75:FE:07:62:6D:8D:CC:DD:21:9F:FA:1A
SHA1: 7B:21:26:7F:D8:18:BB:0E:36:1C:82:DD:B7:28:5F:C1:2F:5C:E4:EA
Valid until: Saturday, August 31, 2047
----------
Variant: release
Config: none
----------
Variant: debugAndroidTest
Config: debug
Store: /Users/user/.android/debug.keystore
Alias: AndroidDebugKey
MD5: A3:16:3F:43:75:FE:07:62:6D:8D:CC:DD:21:9F:FA:1A
SHA1: 7B:21:26:7F:D8:18:BB:0E:36:1C:82:DD:B7:28:5F:C1:2F:5C:E4:EA
Valid until: Saturday, August 31, 2047
----------
Variant: debugUnitTest
Config: debug
Store: /Users/user/.android/debug.keystore
Alias: AndroidDebugKey
MD5: A3:16:3F:43:75:FE:07:62:6D:8D:CC:DD:21:9F:FA:1A
SHA1: 7B:21:26:7F:D8:18:BB:0E:36:1C:82:DD:B7:28:5F:C1:2F:5C:E4:EA
Valid until: Saturday, August 31, 2047
what could be the possible cause of this?
Thanks
P.S. Could this be a possible cause?
Google Play services out of date. Requires 11720000 but found 10932470

Error PlatformException(sign_in_failed, com.google.android.gms.common.api.ApiException: 12500: , null)
This 12500 Error can be solved by adding a support email address
to your project in project settings. Open link
https://console.firebase.google.com/
Select Your project and open settings tab.
Provide a valid support email and restart your application now.

Check if SHA-1 fingerprints are added to the firebase project settings. If not,find SHA-1 fingerprint using
https://developers.google.com/android/guides/client-auth
Also, find the SHA-1 fingerprint of release key using
keytool -list -v -keystore <keystore path>
Remove <keystore path> with the path of the key store.
Then add both SHA-1 fingerprints to firebase projects settings.
NB: Don't forget to replace google-services.json with updated google-services.json with new fingerprints. I lost two days on that.
While debug
Android studio automatically generate ~/.android/debug.keystore on first debug build and use it to sign the app.
To get the SHA-1 run (password android) (doc):
keytool -exportcert -list -v -alias androiddebugkey -keystore ~/.android/debug.keystore
This SHA-1 should be added to the app settings at firebase to allow usage of google sign in capabilities while testing debug build.

for error 12500 You need to add support gmail in settings of firebase only and for error 10 add ssh fingerprint in firebase console as you see in picture

Support email and also all project and privacy links are necessary for Google SignIn to work, otherwise it throws 12500.
Set it on https://console.developers.google.com/apis/credentials on the bottom of second tab named "OAuth consent screen" - there you'll find three links that need to be configured.
This is not mentioned ANYWHERE in the Firebase guides.

Simply update your Google Play Services to the latest version (or 11720000 in this case). If you are using AVD, Nexus 5 and 5X images support Google Play. Once the emulator is up and running, go to the Extended Controls Menu > Google Play then update.

Try updating the OAuth consent screen on
https://console.developers.google.com/apis/credentials

I was stuck of this for a while.
Make sure these step are performed-
Correct SHA key is saved on Firebase Console.
Download the latest google-service.json
And Last and most important Save OAuth consent under credentials in google api,
OAuth Screen This took a long to figure out.
And it worked fine after this.

Seems your SHA1 is overwritten by Google play store.
Check in your google play store, launch panel, under app signing, see if google play has an additional SHA1 added.
And copy that SHA1, add to your relevant place, would do the job.

Enable Google Sign in method works for me
-Authentication->Sign-in method->google

In my case, the issue was that my emulator did not have Play Store. I have made the emulator (named API 23) through Visual Studio, because I develop using Xamarin.Forms as well, and in Visual Studio's Android Device Manager you can select if your emulator should have Google Play Store.
Had to create an emulator through Android Studio's AVD and ensure that it had Play Store:

Enable Sign-in method GOOGLE.** (not necessary)
Open the project settings.
Provide email for support.

If there's still anyone out there with a similar issue, if you're adding custom scopes, make sure it's a valid scope. In my case, I mixed Facebook scopes with Google scopes and took me a while to figure it out!

I think the error came from the Wrong SHA1. Please don't forget that the SHA1 is different between release and debug mode in the android studio. Instead of using keytool to get the SHA1, you can use Gradle project -> Task -> android -> signingReport in the android studio (can open it by menu View -> Toolwindow -> gradle ) to get release and debug SHA1. After that, for easy working, you need to create 2 separate credentials with two SHA1 on google cloud console (google just instruct to create 1 using release SHA1, when we develop it will not work since it uses the debug SHA1).

I'm using Firebase Authentication. My SHA-1 was indicated correctly, client id was also correct but I still was getting 12500.
It turned out that my problem was that I didn't indicate Support email in my project settings. (Settings -> General tab -> Your project (Public settings) section).

Go to your project in the Firebase console, open Project Settings, add your SHA certificate fingerprints there. Download the updated google-services.json file and add it to your Projects app folder.
This worked for me.

First make sure you registered your app in the google developers console
Make sure you have both the debug and release keys in your Firebase application. If it this error appears in production, add your SHA-1 release key to fire base app. If it appears in development, then add your SHA-1 debug key.
Getting the debug/release key:
keytool -exportcert -list -v -alias [your alias] -keystore [path/to/debug or release.keystore]
Make sure to download the updated google-services.json to your app.

If you are coming here from flutter : This is one of the corner cases we have to fix as per the documentation here : https://pub.dev/packages/google_sign_in
Go to Google APIs & Sevices
Select the app you want to implement google signin In to.
Then click on Enable APIS and Services
Then Search for Google Peoples API
Open the Google People API card and click enable, your app might get rid of the issue.

In my case, this error was there because android auth was removed by senior team as it seems there's no need of android key in backend authentication. So both Android and Web client keys are needed in google login.

I tried all of the answers and still was getting 12500. It turned out that the solution for me was even simpler - my project has User Type set to internal and I was trying to log in with email outside of my company. So if none of the previous answers work for you, check if you have User Type set to internal or external and if you try to log in with acceptable account.

For me the problem was using a 'release' ClientID with my debug-configured app. Make sure you have a release and a debug keys, using each SHA-1's respectively.

When your app authenticates with a backend server or accesses Google APIs from your backend server, then you must pass the OAuth 2.0 client ID that was created for your server to the requestIdToken method when you construct the GoogleSignInOptions object, for accessing the user's basic profile information. Also, don't forget to submit the support email in the OAuth consent screen found in the Credentials page in the API Console.

It can also happen that the cordova compiler is unable to find the proper keystore file.
Solution: Before executing ionic cordova build android specify the signing properties
Step-1: Generate a debug keystore file
Execute the command
keytool -exportcert -list -v -alias androiddebugkey -keystore ~/.android/debug.keystore
Use password: android
Step-2: Copy the keystore file(debug.keystore) from ~/.android to platform/android directory of your current project
Step-3: Create a file named release-signing.properties in the platform/android directory
Step-4: Add the contents in the file
storeFile=debug.keystore
keyAlias=androiddebugkey
storePassword=android
keyPassword=android
Note: These are the default values. If you have provided custom alias and password then use them accordingly.
Step-5: Now build ionic cordova build android

I experienced the same problem after opening my project on another computer (different Android Studio).
In my case, I solved it using the Firebase Assistant, which I had used to setup Firebase initially.
Opened the Firebase Assistant (Tools > Firebase) and selecting Authentication > Connect.
This reconnected the project to Firebase and updated the configs

I was stuck in the Google Login issue since 2 week, finally sorted it well .let me explain the reason.
The issue was related with firebase. In firebase , they mentioned a field "support email " as optional . But once i added it (any of your personal email) ,the issue sorted and i got the response .
If your getting an error as 12501 , then it is related to settings in your google account.

I was stuck of this for a while.
Make sure these step are performed-
Correct SHA key is saved on Firebase Console.
Valid reversed client id.
from fcm console=>select app=>from authentication=>enable google sign-in method

I know it seems silly but I had this error in my emulator and the issue was resolved when I booted up an emulator that had Google Play API's installed.

After I tried all solutions above and nothing has worked.
I found that I am requesting scope that is not mentioned in the cloud.
These is my code
final GoogleSignIn googleSignIn = new GoogleSignIn(
scopes: [
'https://www.googleapis.com/auth/userinfo.email',
'https://www.googleapis.com/auth/userinfo.profile',
'https://www.googleapis.com/auth/openid',
'https://www.googleapis.com/auth/youtube.force-ssl'
]);
After I removed all scopes, it worked.
My scopes section was empty:
Scopes tab can be found here: https://console.cloud.google.com/apis/credentials/consent/edit

In my case, it's because of the wrong Google Client Id.
I change my key to the key listed in google-services.json (under oauth_client object)

Make sure you have following things set up properly:
Generate Client Id in your Google Project.
Provide proper SHA-1 key for that Client Id. (debug / release)
Provide proper package name for that Client Id.
Make sure you have generated Client Id in strings.xml, google-services.json or credentials.json file.

https://developers.google.com/identity/sign-in/android/sign-in
follow this api documentation but keep in mind that inside WEB_CLIENT_ID use the value of client id which is generated inside google-services.json file.
class MainActivity : AppCompatActivity(), GoogleApiClient.OnConnectionFailedListener {
private val TAG = "JSAGoogleSignIn"
private val REQUEST_CODE_SIGN_IN = 1234
private val WEB_CLIENT_ID = "354298333018-XXXXXXXXXXXXXXXXXXXXXXX.apps.googleusercontent.com"
private var mAuth: FirebaseAuth? = null
private var mGoogleApiClient: GoogleApiClient? = null
override fun onCreate(savedInstanceState: Bundle?) {
super.onCreate(savedInstanceState)
setContentView(R.layout.activity_main)
var txt_register = findViewById<TextView>(R.id.txt_register)
txt_register.setOnClickListener {
var intent = Intent(this#MainActivity, RegisterActivity::class.java)
finish()
startActivity(intent)
}
val gso = GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestIdToken(WEB_CLIENT_ID)
.requestEmail()
.build()
mGoogleApiClient = GoogleApiClient.Builder(this)
.enableAutoManage(this /* FragmentActivity */, this /* OnConnectionFailedListener */)
.addApi(Auth.GOOGLE_SIGN_IN_API, gso)
.build()
mAuth = FirebaseAuth.getInstance()
sign_in_button.setOnClickListener {
val intent = Auth.GoogleSignInApi.getSignInIntent(mGoogleApiClient)
startActivityForResult(intent, REQUEST_CODE_SIGN_IN)
}
}
override fun onConnectionFailed(p0: ConnectionResult) {
TODO("not implemented") //To change body of created functions use File | Settings | File Templates.
}
private fun updateUI(user: FirebaseUser?) {
if (user != null) {
Log.e("Email", "Value" + user.email)
}
}
fun signIn() {
}
override fun onStart() {
super.onStart()
val currentUser = mAuth!!.currentUser
updateUI(currentUser)
}
public override fun onActivityResult(requestCode: Int, resultCode: Int, data: Intent?) {
super.onActivityResult(requestCode, resultCode, data)
// Result returned from launching the Intent from GoogleSignInClient.getSignInIntent(...);
if (requestCode == REQUEST_CODE_SIGN_IN) {
val result = Auth.GoogleSignInApi.getSignInResultFromIntent(data)
if (result.isSuccess) {
// successful -> authenticate with Firebase
val account = result.signInAccount
firebaseAuthWithGoogle(account!!)
} else {
// failed -> update UI
updateUI(null)
Toast.makeText(applicationContext, "SignIn: failed!" + result.status,
Toast.LENGTH_SHORT).show()
}
}
}
private fun firebaseAuthWithGoogle(acct: GoogleSignInAccount) {
Log.e(TAG, "firebaseAuthWithGoogle():" + acct.id!!)
val credential = GoogleAuthProvider.getCredential(acct.idToken, null)
mAuth!!.signInWithCredential(credential)
.addOnCompleteListener(this) { task ->
if (task.isSuccessful) {
// Sign in success
Log.e(TAG, "signInWithCredential: Success!")
val user = mAuth!!.currentUser
updateUI(user)
} else {
// Sign in fails
Log.w(TAG, "signInWithCredential: Failed!", task.exception)
Toast.makeText(applicationContext, "Authentication failed!",
Toast.LENGTH_SHORT).show()
updateUI(null)
}
}
}

Android Google Sign In DEVELOPER_ERROR 10

I am trying to add Google Sign In to my Android App. I have followed the instructions in the below link:
https://developers.google.com/identity/sign-in/android/start-integrating
I have dougle checked that all the pre-requisites are met: 1. I have API version 27, Google Play Services Version 49, Google Repository version 58. I also have created a keystore (JKS) for debug, and have the App signed (Android Studio: File --> Project Structure --> (modules) app -> then configured Signing, Flavors and Build types tabs using this keystore and the alias created. I have then created a Project in Google Cloud console, created OAuth Credential for Android and have configured the SHA1 fingerprint, and have made sure that the package name is as per the manifest file.
However, the below code always results in APIException (com.google.android.gms.common.api.ApiException: 10:, Status{statusCode=DEVELOPER_ERROR, resolution=null} ).
I have followed the code snippets as per the below link:https://developers.google.com/identity/sign-in/android/sign-in
private void handleSignInResult(Task<GoogleSignInAccount> completedTask) {
try {
GoogleSignInAccount account = completedTask.getResult(ApiException.class);
// Signed in successfully, show authenticated UI.
String k="";
} catch (ApiException e) {
// The ApiException status code indicates the detailed failure reason.
}
}
I then deleted the Android OAuth Credential in Google Cloud Console project, and then created a Web Application project and tried using the client id in my Android code, which also did not work. I got the same exception. What am I doing wrong here?
I also would like to know what is the use of the Client Secret (downloadable JSON file) showing up in my OAUth creadential in the Google cloud console project?
I also have read some articles in which it is mentioned about Google-services.json file which I have not added to my project because the Google developers documentation I have followed (mentioned above) does not mention such an activity. I also have not seen such a file in Google Cloud Console, inside my project's OAuth credentials. Am I missing something here?

You have added a debug SHA-1 key in firebase console
You need to add release SHA-1 key in firebase console
You can generate release SHA-1 key by following steps :
add signing config in gradle file
click on gradle option (located at right side of android studio)
click on :<AppName> -> android -> signingReport (double click it).
this will generate signing SHA-1 key and you can see it in Run option in android studio below tab.
Note:- There will be debug and release both SHA-1 keys will present in Run tab. You need to pick release SHA-1 key. (If you didn't find release SHA-1 key, double check that you have added release configs in app level build.gradle file).
Now you can see the release SHA-1 key in run tab

Google sign in failed com.google.android.gms.common.api.ApiException: 10:

So I'm Stuck on this frustrating issue.
I am quite new to Google Auth on Firebase but I done everything the firebase docs instructed in how to integrate the Google SignIn Auth, yet I'm still receiving this weird Error in the console consisted of two parts:
12-03 11:07:40.090 2574-3478/com.google.android.gms E/TokenRequestor: You have wrong OAuth2 related configurations, please check. Detailed error: UNREGISTERED_ON_API_CONSOLE
and also
Google sign in failed com.google.android.gms.common.api.ApiException: 10:
Before Anyone attempts to point out similar questions that have previously been asked on stack overflow, Here's what I have done till now after seen all the available solutions and yet non has resolved the error
I have my SHA1 fingerprint for my project
I have my OAuth 2.0 client ID, both, the android client id and the web client and in the requestIdToken() I have put the web client id.
I did not publish my project's APK on google play store. which means I did not accidentally generate another SHA1 fingerprint.
I have followed step by step the Google Sign in Auth firebase docs.
here is my code snippet:
#Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_signup);
ButterKnife.bind(this);
String webClientId = getString(R.string.web_client_id);
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestEmail()
.requestIdToken(webClientId)
.build();
mGoogleApiClient = new GoogleApiClient.Builder(this)
.enableAutoManage(this /* FragmentActivity */, this /* OnConnectionFailedListener */)
.addApi(Auth.GOOGLE_SIGN_IN_API, gso)
.build();
mGoogleSignInClient = GoogleSignIn.getClient(this, gso);
GoogleSignInAccount account = GoogleSignIn.getLastSignedInAccount(this);
googleLoginBtn.setOnClickListener(new View.OnClickListener() {
#Override
public void onClick(View view) {
Intent signInIntent = mGoogleSignInClient.getSignInIntent();
startActivityForResult(signInIntent, RC_SIGN_IN);
}
});
}
#Override
public void onActivityResult(int requestCode, int resultCode, Intent data) {
super.onActivityResult(requestCode, resultCode, data);
// Result returned from launching the Intent from GoogleSignInClient.getSignInIntent(...);
if (requestCode == RC_SIGN_IN) {
// The Task returned from this call is always completed, no need to attach
// a listener.
Task<GoogleSignInAccount> task = GoogleSignIn.getSignedInAccountFromIntent(data);
try{
GoogleSignInAccount account = task.getResult(ApiException.class);
firebaseAuthWithGoogle(account);
} catch (ApiException e) {
// Google Sign In failed, update UI appropriately
Log.w(TAG, "Google sign in failed", e);
// [START_EXCLUDE]
Toast.makeText(this, "Gooogle Auth failed", Toast.LENGTH_LONG);
// [END_EXCLUDE]
}
}
}
private void firebaseAuthWithGoogle(GoogleSignInAccount acct) {
Log.d(TAG, "firebaseAuthWithGoogle:" + acct.getId());
// [START_EXCLUDE silent]
//showProgressDialog();
// [END_EXCLUDE]
AuthCredential credential = GoogleAuthProvider.getCredential(acct.getIdToken(), null);
mAuth.signInWithCredential(credential)
.addOnCompleteListener(this, new OnCompleteListener<AuthResult>() {
#Override
public void onComplete(#NonNull Task<AuthResult> task) {
if (task.isSuccessful()) {
// Sign in success, update UI with the signed-in user's information
Log.d(TAG, "signInWithCredential:success");
FirebaseUser user = mAuth.getCurrentUser();
Toast.makeText(LoginActivity.this, "Successful Auth", Toast.LENGTH_LONG).show();
} else {
// If sign in fails, display a message to the user.
Log.w(TAG, "signInWithCredential:failure", task.getException());
Toast.makeText(LoginActivity.this, "Authentication failed.",
Toast.LENGTH_SHORT).show();
//updateUI(null);
}
// [START_EXCLUDE]
//hideProgressDialog();
// [END_EXCLUDE]
}
});
}

Basically problem is in the SHA1 key put on console please regenerate it and put again properly same project.
1)As the answers, make sure that your actual signed Android apk has the same SHA1 fingerprint as what you specified in the console of your Firebase project's Android integration section (the page where you can download the google-services.json)
For more info, see: Generate SHA-1 for Flutter app
2)On top of that go to the Settings of your firebase project (gear icon right to the Overview at the top-left area. Then switch to Account Linking tab. On that tab link the Google Play to your project.
EDIT:
Account Linking tab doesn't exist any more, instead :
Sign in to Firebase.
Click the Settings icon, then select Project settings.
Click the Integrations tab.
On the Google Play card, click Link.

When using App Signing by Google Play and Firebase, you need to add the SHA-1 fingerprint of the App signing certificate (found on Google Play Console/ Release Management/ App signing certificate) to the Firebase Console/ Settings/ SHA certificate fingerprints
Updated location for the SHAs: Google Play Console > Release > Setup > App integrity

In My case, There is no problem with SHA-1
I have done GoogleAuth using Firebase.
I forgot to add implementation 'com.firebaseui:firebase-ui-auth:4.3.1'
And I put my own key instead of R.string.default_web_client_id, So that was the problem. I added above dependency and replace R.string.default_web_client_id with my own key.
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestIdToken(getString(R.string.default_web_client_id))
.requestEmail()
.build();
UPDATE : 18-Dec-2020
We can also use without requestIdToken like below. For this you must have to add your SHA1 to google console.
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestEmail()
.build();

I was facing the same issue, After checking around for a solution, from regenerating the finger print to linking the app on firebase to the Google play console and publishing the signed apk, the issue was actually because I was using the release SHA-1 on the firebase console.
If you are still on debug mode, use the debug.keystore SHA1
Only use the release SHA1 if you are on production mode
https://developer.android.com/studio/publish/app-signing.html

My solution was a little different,
After hours of trying various things. I found my solution:
Using the steps listed here:
https://stackoverflow.com/a/34223470/10575896
Open Android Studio
Open your Project
Click on Gradle (From Right Side Panel, you will see Gradle Bar)
Click on Refresh (Click on Refresh from Gradle Bar, you will see List Gradle scripts of your Project)
Click on Your Project (Your Project Name form List (root))
Click on Tasks
Click on Android
Double Click on signingReport (You will get SHA1 and MD5 in Run Bar(Sometimes it will be in Gradle Console))
The console will print out the SHA keys for both debug and release. I had added the debug keys to firebase sometime in the past, but I had not added the release keys.
I simply added the SHA1 and SHA256 keys to firebase, and I was good to go.

If you have all configuration valid in firebase like SHA-1 and you have imported right google-services.json file still you are getting error then add the support email in firebase console
You have to add support email in fire base console
Go to Project-> Setting -> General -> Public setting add Support Email

i was dealing with this problem for 2 days !
the problem was the clientId i used, was android type while i had to use web Aplication type Clientid . please consider this if you have the same problem ;)

I had problems with each answer, so here is the solution that worked for me:
First, add Firebase to your project:
Go to Firebase web site -> Add Project -> Once when you create new project go to Add App and add your Android app
Take care to add the exact package name and debug SHA-1 key.
You can generate debug SHA-1 key doing the following in Android Studio:
On the right side open Gradle panel -> go to Tasks -> android -> run signingReport
Your SHA-1 key will be shown in Run window
Once when you register the app, download the config file. In the config .json file you can find your client_id : client -> oauth_client -> client_id
Take care there are two client_ids. The one with "client_type": 3 worked for me with the following code:
private fun requestSignIn(context: Context) {
GoogleSignIn.getLastSignedInAccount(context)?.also { account ->
onSignedIn(account)
return
}
val signInOptions = GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestScopes(Scope("https://www.googleapis.com/auth/spreadsheets"))
.requestEmail()
.requestIdToken("client_id_goes_here")
.build()
val client = GoogleSignIn.getClient(context, signInOptions)
startActivityForResult(client.signInIntent, REQUEST_SIGN_IN)
}
Then in the onActivityResult:
override fun onActivityResult(requestCode: Int, resultCode: Int, data: Intent?) {
super.onActivityResult(requestCode, resultCode, data)
if (requestCode == REQUEST_SIGN_IN) {
if( resultCode == RESULT_OK) {
GoogleSignIn.getSignedInAccountFromIntent(data)
.addOnSuccessListener { account ->
onSignedIn(account)
}
.addOnFailureListener { e ->
Log.d("Fail", "Fail")
}
}
}
}
In onSignedIn you should do the google sheet api call

Make you use .requestIdToken(getString(R.string.default_web_client_id)) when you Build GoogleSignInOptions:
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestIdToken(getString(R.string.default_web_client_id))
.requestEmail()
.build();
Add your debug.keystore's SHA1 and SHA256 fingerprint to your Firebase project with the following steps:
Obtain the debug.keystore's fingerprints: Linux/Mac - keytool -list -v -alias androiddebugkey -keystore ~/.android/debug.keystore, Windows - keytool -list -v -alias androiddebugkey -keystore %USERPROFILE%\.android\debug.keystore
Add these fingerprint's to your Firebases project's Android app section: https://support.google.com/firebase/answer/9137403?hl=en

Yo guys, make sure that you have installed google play services in android studio SDK Manager. After I did it, rebuild unity project — all works fine.

It's 2022 and I spent 7 hours debugging this! I am not a native Android developer so I didn't know what's what until now.
Here is how I made it to work.
1) Make sure you have different build numbers between dev and prod!
There are 3 different builds/app in the world that you are playing with:
The one in Google Play Store that you can install. It has a build number associated with it, both in the Play Store and in the App -> tap and hold -> info.
The one in Android Studio build that has release build flavor
The one in Android Studio build that has debug build flavor
The debug one is the one you can attach the debugger (the bug icon!) and release is the one that you cannot.
Whatever you do, make sure these are different or you will pull your hair why it works here and not there!
Android: Tag > Build > Release > then immediately version bump
I am coming from a background that we tag and version right before the release. (e.g. backend) Here, if you do so, it messes everything up! So you should tag, then release, then version bump immediately!
Ideally, the Play store should be 1.1.7, the release one should be 1.1.8 (yes, one version ahead as it's the one you are going to publish), and the debug one should be 1.1.8-debug.
If you don't do so, and they are the same, Android OS is going to cache the packages/APKs. So even if you go and install the app from Play Store, it might use an Android Studio version that it has in cache, with its own certificate! (That took me 4 hours of not knowing why installing the same app from Play Store on two phones, yielded different behaviors -- one was using the cached APK from Android Studio USB builds.)
2) You need at least 4 different Oauth Client ID Keys from GCP!
At this point, you should be aware of the crazy system that you should create a "Web" OAuth Client ID for Android, and also a dummy Android one! See this.
Yes, you need one "Web" key, and one "Android" key to have the GoogleSignIn work. You should use the "Web" one almost everywhere (except for doing server-side token validation, where you verify the audience/issuer of the JWT). Regardless, without the unused dummy "Android" one, it's not gonna work.
However, the part that I didn't know was that you need 3 Android + 1 Web!
When you create an Android OAuth Client ID, it asks for a SHA-1.
And each of those 3 apps has its own certificates, a.k.a SHA-1s.
How to get 3 SHA-1s?
For 2 and 3 (release and debug of Android Studio) you can get them from gradle via this solution.
For the Play Store one, you have to go to Play Console > App Integrity > App Signing and get the "App signing" certificate from there. (The upload one should match your release one most likely.)
Now, go ahead and create these 3 Android Ouath Client Ids + 1 for Web and hopefully Google SignIn will work everywhere!

I am not sure if this is the cause, but we might need to use the Web Client ID in the Android App before publishing it, read the following article,
https://android-developers.googleblog.com/2016/03/registering-oauth-clients-for-google.html

After adding the SHA1 and SHA256 app signing certificates it still didn't work. Once I added the SHA1 App upload certificate it worked :)

After adding the SHA1 and SHA256 app signing certificates it works.

I have faced the same error and I solved it by fixing the value of WEB_CLIENT_ID
You can check the value at:
Authentication -> Sign-in Method -> Provider (ex: Google) -> Web SDK Configuration -> Web Client ID

In my case to work on the emulator, I followed the steps https://stackoverflow.com/a/46767856/6800637, and in addition to putting in https://console.firebase.google.com projectName/ settings / general, my signature key sha1 and sha256 I also put the key sha1 from [debug.keystore]
which is shown when you follow the steps mentioned above

This status code means that you are providing unknown server client id.
So I was able to resolve this issue by changing the OAuth Client ID at Android client:
googleSignInOptions = GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestIdToken("web application client id")
.requestEmail()
.build()
In https://console.developers.google.com/apis/credentials in your project you might need to generate: OAuth client ID -> Web Application and use this web application client id in your Android app.

I had this problem recently when trying to use google sign in using Firebase. I could fix it by updating requestIdToken in GoogleSignInOptions to the one provided as client_id in google-services.json file.

These are all great answers, in case anyone else is trying to have multiple firebase projects for one app, i.e. development and production the trick is when you want to test production, you'll need to upload the APK to Google Play if you use Google Play to manage the signing of your app. I used the internal testing track, and then it started working.
You cannot just install the APK on your device with your debug keys, because it does not match the production keys in Firebase.
Another side note - as others have mentioned - for some reason you need to use the "web" OAuth client ID, NOT the Android OAuth client. This is a really confusing thing for Google to do.

Although, the tutorial and the configuration page suggests to get the package name from the manifest file, it seems it is checked against the "applicationId" in the "app/build.gradle" file.
There are two places to set the package name I've found so far:
app/src/main/AndroidManifest.xml
app/build.gradle android.defaultConfig.applicationId
In my case those two names were different. Earlier I had updated the package name in the first file but forgot to update in the build.gradle file.

If you are on flutter, take a look on where you initialized your GoogleSignIn, for me adding the clientId parameter worked on iOS but breaks android try that as well

If you are having multiple apps under same Project in Firebase, make sure you are in the correct (App)com.xxx.yyy, that matchup with your current project you are doing in Android Studio. Then change the sha1 in settings of Firebase under proper (App)com.xxx.yyy and download the Json accordingly past it at, In project level view apps->build->source.

This might come if you have not set the SHA-1/SHA-256 hashes for your project.

I double-checked everything on the firebase console, I have correctly added SHA keys also I was facing an error. After spending hours I found the error was due to not setting up OAuth Consent in Google Console. So if any once facing the same issue please check this step as well, that might be your help you out.

if above help from other universe can't prevent Google making you fired from your company, below may be help you:
edit file "build.gradle" (:app)
in android{}, add these if missing, change file path, storePassword, keyAlias, keyPassword
signingConfigs {
debug {
storeFile file('E:\\keystore.jks')
storePassword '123456'
keyAlias 'key0'
keyPassword '123456'
}
release {
storeFile file('E:\\keystore.jks')
storePassword '123456'
keyAlias 'key0'
keyPassword '123456'
}
}
buildTypes {
release {
minifyEnabled true
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
signingConfig signingConfigs.release
}
debug {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
signingConfig signingConfigs.debug
}
}
Build/Clean Project
Sync Now
if still not working, run Debug app, magical will appear

I also faced this problem and search many time but didn't get over this. then I tried firebase authentication and this was worked. try following steps :
go to firebase - go to console(upper right corner) - click on your built app card - then click on authentication and then authenticate your id.
try it.

Error: Status{statusCode=DEVELOPER_ERROR, resolution=null}

I am usign gplus sign in, and getting this error at time I am in onActivityResult....
#Override
public void onActivityResult(int requestCode, int resultCode, Intent data) {
super.onActivityResult(requestCode, resultCode, data);
callbackManager.onActivityResult(requestCode, resultCode, data);
client.onActivityResult(requestCode, resultCode, data);
if (requestCode == 0) {
GoogleSignInResult result = Auth.GoogleSignInApi.getSignInResultFromIntent(data);
if (result.isSuccess()) {
GoogleSignInAccount acct = result.getSignInAccount();
// Log.d("Result","details"+ acct.getDisplayName() + acct.getEmail());
mEmail = acct.getEmail();
String mFullName = acct.getDisplayName();
String mGoogleplusId = acct.getId();
SocialUser user = new SocialUser();
user.setType("googleplus");
user.setEmail(mEmail);
user.setFullname(mFullName);
user.setId(mGoogleplusId + "");
loginParams.put("email_id", mEmail);
loginParams.put("googlePlusId", mGoogleplusId);
loginParams.put("full_name", mFullName);
loginParams.put("registrationType", "googleplus");
SignUpService(user);
} else {
Toast.makeText(CustomerLogIn.this, "Unable to fetch data, Proceed manually", Toast.LENGTH_SHORT).show();
}
}
}
And I am calling for gplus login on button click. On clcking button following code is executed....
GoogleSignInOptions googleSignInOptions = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestEmail()
.build();
mGoogleApiClient = new GoogleApiClient.Builder(CustomerLogIn.this)
.addApi(Auth.GOOGLE_SIGN_IN_API, googleSignInOptions)
.build();
Intent signInIntent = Auth.GoogleSignInApi.getSignInIntent(mGoogleApiClient);
startActivityForResult(signInIntent, 0);
And I am geetng this error...
Status{statusCode=DEVELOPER_ERROR, resolution=null}
on this line....
GoogleSignInResult result = Auth.GoogleSignInApi.getSignInResultFromIntent(data);
Please suggest the solution.

You need to add your SHA1 key to firebase console configuration.
You can do it in this way:
Firebase console ( https://console.firebase.google.com ) -> your project -> configuration -> scroll to
You can find your SHA1 key running "Signing report" from Android Studio:
Then, look the "run tab" and click the button:
I think it's the easier way. Hope this help.

Probably you created the configuration file using the SHA1 of your production token, use the androiddebugkey alias to gather the SHA1 corresponding to the debug version of your app and copy the configuration file to the 'app' directory, you should have both configuration files (one for debug purposes and another for production environment).
Based on the walkthrough published in https://developers.google.com/identity/sign-in/android/start

The way I fixed it was by picking up the key corresponding to the highlighted text. Due to the confusing usage of the word 'server' in Firebase's documentation page I was picking up the Server key . Which was the reason for the problem.
You can find the key here.

I had the same issue and I got it working by doing these steps:
1.Add DEBUG_KEYSTORE SHA1 fingerprint to the firebase project. use the following command(MAC/LINUX)
keytool -exportcert -list -v \-alias androiddebugkey -keystore ~/.android/debug.keystore
2.Now Generate a signed apk of your project. The process includes generating a keystore for your app's release version.
Copy the path of the newly generated .jks file.
3.Now generate RELEASE_KEYSTORE SHA1 fingerprint using the following command
keytool -list -v -keystore FULL_PATH_TOJKS_FILE -alias ALIAS_NAME
4.Copy the new SHA1 from the output and add it as another SHA1 fingerprint in your firebase application console.
Now you are good to go! ---- Hope! it helps.

I was having the same problem, how I solved it is that I had different applicationId in my gradle file than the package name in my manifest file. And I used to applicationId to create the json file. I had to change my package name to what my applicationId was and that fixed it for me.

Alternatively to the answers provided here, you can use Android Studio's Firebase Assistant to automatically add your SHA-1 to your project with the click of some buttons.
In Android Studio, go to Tools > Firebase > Select 'Authentication' and click the link that says 'Email and password authentication'.
This will bring you a little tutorial on how to integrate Authentication to your project, but since you've probably done all that, just click 'Connect to Firebase' and you're done.

It's an old question, but I have been stuck with error 10 (DEVELOPER_ERROR) lately, because I was using the Android client ID, I created in the google developer console.
The solution for me was to use the Android credentials in google developer console only to indicate the SHA key of my apk and to use the client ID of the Web application (!) credentials from the google developer console in my cordova application.
config.xml:
<plugin name="cordova-plugin-googleplus" spec="^5.3.0">
<variable name="REVERSED_CLIENT_ID" value="com.googleusercontent.apps.[web-application-client-id]" />
<variable name="WEB_APPLICATION_CLIENT_ID" value="[web-application-client-id].apps.googleusercontent.com" />
</plugin>
code:
window.plugins.googleplus.login(
{
'webClientId': '[web-application-client-id].apps.googleusercontent.com'
},
...
I don't use firebase.

You might have generated and added wrong SHA1 key. Use following steps to generate SHA1 key in Android studio:
Click on Gradle (From Right Side Panel, you will see Gradle Bar)
Click on Refresh (Click on Refresh from Gradle Bar, you will see List Gradle scripts of your Project)
Click on Your Project (Your Project Name form List (root))
Click on Tasks
Click on Android
Double Click on signingReport (You will get SHA1 and MD5 in Run Bar(Sometimes it will be in Gradle Console))
Now add this SHA1 key in your firebase android project.

Please Put correct json file in root of the android project
For more Refer here: https://coderzpassion.com/android-working-latest-google-plus-login-api/

The error is caused because the SHA-1 checksum of the debug or release key is not included in the firebase/google console.
First generate key using following command:
keytool -list -v -keystore KEYSTORE_PATH -alias ALIAS_NAME
Then copy the SHA-1 checksum and go to:
Firebase Console > Your project > Settings of the app > Add Fingerprint

For me it was working when I first implemented it, but stopped after a few days of development, with the mentioned error message.
I've solved the issue with these steps:
I have added the sha-256 fingerprint on top of the sha-1 fingerprint that I already had in the firebase console. (Not sure if this step is required)
I have downloaded google-services.json file again and replaced the old file.
re-installed the app
and it worked

Check below steps
Make sure you use correct SHA keys
Use web client id, not android client id while requesting id token

I came across this error in my firebase app.
It was fixed when I added therequestIdToken(activity.getString(R.string.default_web_client_id)) part below.
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestEmail().requestIdToken(activity.getString(R.string.default_web_client_id))
.build();
apiClient = new GoogleApiClient.Builder(activity)
.addConnectionCallbacks(this)
.enableAutoManage(activity, this)
.addApi(Auth.GOOGLE_SIGN_IN_API, gso)
.build();
Intent signInIntent = Auth.GoogleSignInApi.getSignInIntent(apiClient);
activity.startActivityForResult(signInIntent, RC_GOOGLE_SIGN_IN);

I got this error when i updated my json config file with a new google account.
Uninstalling the application manually and reinstalling the app worked for me.

For anyone releasing an app, you need a special fingerprint from your keystore file. No wonder why I was getting this error just for the release version. How to obtain Signing certificate fingerprint (SHA1) for OAuth 2.0 on Android?

Ensure you enable Google Sign-In in under Authentication in the Firebase console.

I solved my problem by use right server_client_id in this line :
String serverClientId = getString(R.string.server_client_id);
I used the wrong code.

Some Services like google login require SHA1 fingerprint to be added to your firebase console.
I missed adding SHA fingerprint in firebase console. You can do so by going in FireBase Console > project setting > Add fingerprint option.
You can generate SHA1 Fingerprint by a very easy way https://www.youtube.com/watch?v=FczARQ244GE
After that I was doing one more mistake
After generationg SHA1 key fom above method. I copied the wrong invalid SHA1 key which was an expired one. So make sure the SHA1 key that you are copying from above way output is a valid one (Check the valid untill value as well of SHA1 Key)
Also make sure that the package name(x.y.z) that you have added in firebase is same as used in your android code.
Also make sure to use correct AppID

After long invistigation I have found a solution. Actually this error Error: Status{statusCode=DEVELOPER_ERROR, resolution=null} points to incorrect SHA-1 OR Incorrect package name OR something else?. In my case, I add debug keyword to end of my package name com.sample.app => com.sample.app.debug

I struggled with this issue because I made a copy of my application with changing the package name.
I add a new project for it at Firebase.
My mistake was that I forgot to change the server's client ID to the one in the new Firebase project.
more details under authintication with Firebase sectoin here

When you let Google manage your app signing, you can find the SHA-1 key in the Google Play console.
On the sidebar menu look for 'Configuration -> App integrity'. Here you will find the SHA-1 key for the signed app.
You also see the SHA-1 key for the signed app you've uploaded to the store.

don't forget to add release finger print. the former answers tell just add debug finger print which your problem just solve when you run your app in debug mode. if you release your app you can see that your problem is still remain . then make sure you added release finger print too .

If you're running into this issue with a released version (production):
Go to the Google Play console and copy SHA-1 key from Release -> Setup -> App Integrity

This also might happen if you are working with app versions deployed from "Internal App Sharing"
There is yet another certificate generated for you, and you'll need to registered it's SHA-1 fingerprint on Firebase or GCP too

with new android updates, this has started happening on a lot of my projects. The fix that worked for me was to define signconfig for both debug and release version in the gradle file and use it in build types.
In one of my project release build was working fine but dev build was facing this error.
signingConfigs {
debug {
storeFile file('/Users/user/.android/debug.keystore')
storePassword 'android'
keyPassword 'android'
keyAlias 'AndroidDebugKey'
}
release {
storeFile file('/Users/user/Development/your_key')
storePassword 'your_pass'
keyAlias 'your_alias'
keyPassword 'your_pass'
}
}
buildTypes {
release {
minifyEnabled true
debuggable false
signingConfig signingConfigs.release
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
debug {
minifyEnabled false
debuggable true
signingConfig signingConfigs.debug
}
}

New Google sign in Android

I'm trying to get a user token ID using the new Google play services 8.3
and as documented I pass the server ID:
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestIdToken(getString(R.string.server_client_id))
.requestEmail()
.build();
but I'm still getting un successful result as below:
{statusCode=unknown status code: 12501, resolution=null}
and documented here GoogleSignInStatusCodes
The sign-in was cancelled by the user. i.e. the user cancelled some of the sign-in resolutions, e.g. account picking or OAuth consent.
Constant Value: 12501
That is not my case, as I already picked an account. Any idea what could be the reason?

I had exactly the same problem and i have found the solution.
If you follow the documentation found here:
https://developers.google.com/identity/sign-in/android/start-integrating
The first step tells you to create the configuration file (which creates an OAuth 2.0 client ID for you and inserts it into the google-services.json)
Then later, it says again about creating a OAuth 2.0 client ID, but this time it says that you have to do it for Web application
And this is the confusing part! (at least for me) because i was just taking the client id created for the android OAuth and not creating a new one for Web application (I thought the documentation was just redundant or something)
As it says, it is this one, and only this one the one you have to use as a parameter of the methods requestIdToken or requestServerAuthCode.
Forget about using the Android OAuth ID in this methods because then you will get all the time the ugly status code response 12501.
I think the main problem is that the documentation is a bit confusing about this. Or maybe because it is a bit strange the fact that you have to create two OAuth IDs.
So as a summary, you need TWO OAuth IDs, one for android and one for web application, and you have to set each one in the correct place.

I was struggling with this and wasted almost a week in it.
This is how I got it worked.
Import Project in AndroidStudio
Create debug keystore for project.
Create SHA1 signature for project using debug keystore.
Using SHA1 signature, register your app for Google Signin on Google Developer Console.
Generate a Google Configuration file there.(Put in Android Studio's app folder)
Use Web Client ID from OAuth 2.0 credentials in your Android Project.
Now, from Android Studio, generate debug build(APK) of your project.
Mount the device in your system -> copy this signed debug version of APK and install it.
Last three steps 6, 7 and 8, are what you actually need to take care of. If you directly run the project then APK is not actually signed with the debug keystore and google does not recognise it at all.

I had the same problem, after research solution it's resumed that server_client_id contained some incorrect value or your google_services.json didn't include oauth_client with client_id that registered with your keystore.
requestIdToken(getString(R.string.server_client_id))
R.string.server_client_id use OAuth 2.0 client ID for Web Application. And OAuth Client ID for Android use in google_services.json
Usually we use 2 keystore, 1 using debug keystore and 1 using signed keystore for published. So if we want to need in debug & publish mode, register your OAuth Client ID for Android twice, 1 using SHA1 from debug keystore and 1 from signed keystore for published.
small example in my google_services.json
"oauth_client": [
{
"client_id": "xxx-client-id.com",
"client_type": 1,
"android_info": {
"package_name": "com.app.android",
"certificate_hash": "xxxhash"
}
},
{
"client_id": "yyy.client-id.com",
"client_type": 1,
"android_info": {
"package_name": "com.app.android",
"certificate_hash": "yyyhash"
}
}
],

I was getting the same issue, it was because I created client ID of application type Android
Instead, I deleted it and created client ID of type web application and I got rid of this issue.

Just figure out how to solve this... I was getting this error while trying to run the debug version of my app... To fix it, add a credential for your debug app on the developer console and also on the google-services.json.
this fixed it for me!

I had the same problem, and I solved with the following solution:
Create configuration file (google-services.json) as described here and place in your /app project directory
(As mentioned in other answers) Using Web application Client ID for requestIdToken method.
[My main problem] Sign your app if you work on debug mode like below:
signingConfigs {
release {
storeFile file("myreleasekey.keystore")
storePassword "password"
keyAlias "MyReleaseKey"
keyPassword "password"
}
}
buildTypes {
release {
...
}
debug {
...
signingConfig signingConfigs.release
}
}

Now I got it.
So first you must follow the upper answers saying:
create a OAuth client-id for web applications in the Google Developers Console and use it in requestIdToken()
(get rid of status code 12501)
if you created a Android OAuth client-id for your production hash key, create a new Android OAuth client-id for your debug hash key and integrate it into your google-services.json.
(get rid of status code 12500)
No longer valid
And here comes the last Part:
3. you can not call requestIdToken() and requestEmail() at once. At least in my case I got rid of Result: Status{statusCode=INTERNAL_ERROR, resolution=null} by deleting requestEmail().
So good luck...

In my case, I also had to check that the debug SHA-1 was added as a valid OAuth Android client.

Use Web application as server_client_id not Android application

I had the same problem and I noticed that 12501 code was returned when my server_client_id contained some incorrect value.
Since there is no detailed message and the documentation of this error code is rather poor I don't know if your problem has the same cause as mine.
My application is based on Android code from this example (class IdTokenActivity).
To make it work I also needed to integrate Google sign-in into my app:
generated json config file with enabled Google Sign-In
added Google plugin and dependency to my gradle file
created OAuth client ID for this app and saved it in my project as server_client_id

Is your apk in debug mode? I think it only works with a signed apk.

Follow the ambiguous google's document.
Put google-services.json to your project directory
Set your gradle as https://stackoverflow.com/a/35216421/5886475
Set server_client_id in string.xml .It's your web client id not android client

A problem I had is that the SHA-1 I generated as with the incorrect alias.
The alias MUST BE androiddebugkey .
So I have put the Android OAuth ID at my google-service.json file. I have put the Web Client Id to requestIdToken().
And in my specific case, I generated the SHA-1 with androiddebugkey alias.
google-services.json:
"oauth_client": [
{
"client_id": "ANDROID OAUTH ID-.....apps.googleusercontent.com",
"client_type": 1,
"android_info": {
"package_name": "br.com.packagename",
"certificate_hash": "SHA-1 HASH"
}
},{
"client_id": "WEB CLIEND ID......apps.googleusercontent.com",
"client_type": 3
}
]
Signing part:
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestIdToken("WEB CLIEND ID......apps.googleusercontent.com")
.requestEmail()
.build();

In place of R.string.server_client_id , just use R.string.default_web_client_id .
When you copy the google-services.json file into the app, it creates this string value automatically. You don't need to copy the key from google-services.json to string.xml
It worked for me.

I solved this issue by Clicking Firebase Support in Android Studio, which may not be relevant to non-Firebase users.
Go to menu Tools->Firebase
Click Connect your app to Firebase, it will display as Connected in green once connection is successful
Click Add Firebase Authentication to your app button, it will also turn green.
NOTE: Having huge list of answers in this definitely confirm one thing. Google needs to update and keep the documentation fool proof.

If none of the above options work, do check whether you applicationId in app build.gradle is same as you package name.

Oviously first check your release sha1 key is correct or not. But if still it is not working and you ar using google play services 8.4.0 (i.e.compile 'com.google.android.gms:play-services:8.4.0'), the issue could be solved by modifying GoogleSignInOption object.
Instead of:
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestEmail()
.requestIdToken("YOUR_WEB_API_ID.apps.googleusercontent.com")
.build();
You have to use :
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestScopes(new Scope(Scopes.PLUS_LOGIN))
.requestScopes(new Scope(Scopes.PLUS_ME))
.requestEmail()
.build();
This solves error returning statusCode=INTERNAL_ERROR OR statusCode=Error 12501 OR statusCode=Error 12500.
Then this gso object could be used for creating GoogleApiClient as shown below:
mGoogleApiClient = new GoogleApiClient.Builder(this)
.enableAutoManage(this, this)
.addApi(Auth.GOOGLE_SIGN_IN_API,gso)
// .addApi(Plus.API, null)
.addConnectionCallbacks(this)
.addOnConnectionFailedListener(this)
// .addScope(Plus.SCOPE_PLUS_LOGIN)
.build();

Don't know why but SHA1 in android studio is changed automatically and that's why I am getting this error. To solve this I updated the SHA1 of my firebase project settings with the new SHA1 of my android studio and it started working again.

In my case, my Credentials for Client ID for Android on Google APIs Console only contained the SHA-1 for my release signed APK. Android Studio was using the default debug keystore to sign my debug builds, and in that case the debug keystore SHA-1 did not match the Android client SHA-1 online. My solution was to simply sign the debug builds with the release keystore.
In Android Studio, Build/Edit Build Types..., then select your debug build type and make sure Signing Config is set to your release certificate.

Try following these steps:
Clone the following project https://github.com/googlesamples/google-services
Follow the guide at https://developers.google.com/identity/sign-in/android/start
Use Web client (auto created by Google Service) and add it in requestIdToken(...)
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestEmail()
.requestIdToken("YOUR_WEB_API_ID.apps.googleusercontent.com")
.build();
Make sure you are using the same keystore used which is added to Google project. For instance, if you have used the following command to generate SHA-1 key
keytool -exportcert -list -v -alias androiddebugkey -keystore ~/.android/debug.keystore
Then add the following code in app/build.gradle file inside android { ... } [Solved my problem]
signingConfigs
{
debug
{
storeFile file("/home/ashwin/.android/debug.keystore")
storePassword "android"
keyAlias "androiddebugkey"
keyPassword "android"
}
}
buildTypes
{
release
{
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
debug
{
signingConfig signingConfigs.debug
}
}
Note: Your keyPassword and keyAlias should be the same used during generation of SHA-1 certificate.

If you are using the debug keystore to build the project, you need to add the SHA-1 fingerprint of debug.keystore on Firebase Console.
On your Firebase Console, open your Project
Go to Parameters. Tab General
At the end of this page, there is a field to add a Fingerprint SHA-1
Paste the SHA-1 in the console field.
To obtain SHA-1 of debug.keystore :
Mac/Linux :
keytool -exportcert -list -v -alias androiddebugkey -keystore ~/.android/debug.keystore
Windows :
keytool -exportcert -list -v -alias androiddebugkey -keystore %USERPROFILE%\.android\debug.keystore
https://developers.google.com/android/guides/client-auth
That's all !

I had the same problem and error 12501 and non of of above did work for me.
My problem was I using google Default web api that generated for me. after creating my own web api error disappeared and worked fine!
these are working steps:
first I created SHA1 debug key and add to Firebase console. creating SHA1 from here.
create both web api and android OAuth 2.0 client ID from here
get generated google-service.json from Firebase console and put in app folder.
put this code for GoogleSignnOption
like this:
gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN).requestIdToken
("put the web app client Id that get from the link in developer console ")
.requestEmail().build();
tip 1: I find out that you should create both android and web app Client Id to work.
tip 2: if you from Iran like me you can get the user from google but you can not AuthWithGoogle and result will fail in auth.signInWithCredential(credential) and you had to use some proxy for returning true.
this is the working full source of FireBaseAuthDemo in github:
hope help full

I had this problem too, after following Google's instructions for Automatically signing your app. If you are using this method to sign your apps, you will need to include the generated keystore fingerprint in your API credentials.
On the project browser, right click on your app and select Open Module
Settings.
I found it less confusing to put the .jks file in my project's /app directory. In any case run this line on it.
keytool -list -v -keystore /home/user/keystores/android.jks
You will be prompted for a password. Not sure if it's the Key Password or Store Password because mine are the same. :|
The console will spit out a bunch of certificate fingerprints. Take the SHA1 one and punch it into your API credentials at the Google API Developer's Console. You will need to enter it for the Android client OAuth 2.0 client IDs even though you don't actually use that client_id in your app. If you are using other APIs for android, put the same SHA1 in the appropriate key credentials under API keys too.

Here is a new one. I was trying for 6 hours to login on the emulator with the id from my corporate Google Apps domain, to no avail, getting 12501 errors. On a hunch, I tried my personal gmail id and it worked. Ditto if I tried on my phone with my corporate id. It turns out the emulator did not have the proper Mobile Device Management settings to allow my corporate id to login.
So If I want to test on the emulator with this corporate id, I have to install Google Play Store, then the MDM software, and configure it.

From my weird experience with this error, I can say that you also need to try to reboot your phone in order to get rid of this error :)
I was implemented Google Sign In using G Suite accounts which have a device policy assigned via Google Admin. So on the first sign in it was requiring to install Device Policy app. After all later steps completed, it was just throwing 12501 error. Same time the same app was working fine on other phones. So only reboot helped. But helped

Though already many upvoted answers exist in this question, I struggled to understand the logic.
So, I come up with my research.
Create a app using correct package name & Signing-certificate fingerprint SHA-1 https://developers.google.com/mobile/add?platform=android&cntapi=signin
Enable google sign-in
Generate the configuration file.
To get SHA-1, run this in terminal:
keytool -exportcert -keystore path-to-debug-or-production-keystore -list -v
About OAuth 2.0 client IDs
OAuth for the web (In app this is used as server_client_id)
OAuth for android (This needs to be created using correct package name & Signing-certificate fingerprint SHA-1).
If you are using the different keystore for debug & release, you need to create separate OAuth 2.0 client IDs using respective package name & SHA-1.
You can create or edit your OAuth 2.0 client IDs here https://console.developers.google.com/apis/credentials?project=
Navigating to your app.
If you already have a OAuth for Android, click in its name & check the package name & SHA-1.
We can use the same keystore for both debug & release by saving the keystore details in global(local, not inside project) gradle.properties & getting it in build.gradle as below.
def key_alias = ""
def key_password = ""
def store_file = ""
def store_password = ""
try {
key_alias = YOUR_KEY_ALIAS
key_password = YOUR_KEY_PASSWORD
store_file = YOUR_KEYSTORE_PATH
store_password = YOUR_KEYSTORE_PASSWORD
} catch (Exception exception) {
throw new IllegalStateException('Failed to find key store details. Social Login is disabled');
}
android {
signingConfigs {
config {
keyAlias key_alias
keyPassword key_password
storeFile file(store_file)
storePassword store_password
}
}
buildTypes {
debug {
signingConfig signingConfigs.config
// ...
}
release {
signingConfig signingConfigs.config
// ...
}
}
}
You can use below snippet
#Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
super.onActivityResult(requestCode, resultCode, data);
if (requestCode == REQUEST_CODE_GOOGLE_SIGN_IN) {
GoogleSignInResult result = Auth.GoogleSignInApi.getSignInResultFromIntent(data);
if (result.isSuccess()) {
// ...
} else if (result.getStatus().getStatusCode() == CommonStatusCodes.NETWORK_ERROR) {
// No internet connection
} else if (result.getStatus().getStatusCode() == CommonStatusCodes.DEVELOPER_ERROR) {
// Wrong server OAuth key(server_client_id)
} else if (result.getStatus().getStatusCode() == 12501) {
// Wrong app signing-certificate fingerprint SHA1
} else {
Log.e("Google sign in error", result.getStatus().toString());
}
}
}
Note: If you enabled only Google Sign-In when you generated the configuration file, you need not to add the google-servies.json file in your project.(generating the file performs the necessary configuration steps).

1.Specify signingConfigs in your gradle file
signingConfigs {
config {
keyAlias 'appalias'
keyPassword 'hunter123'
storePassword 'hunter123'
storeFile file('path/to/keystore.jks')
}
}
2.Go to Build Types in Project Structure (in Android Studio) and specify signingConfigs to "config"
Now clean your project and build again. It should work.
If the above doesn't work then below is your last resort.
Try step one and build and check. If it's not working go to next step and try to build again.
Build a signed apk (With remember password checked).
Before signing check the filename of the keystore file and the one yo give in while signing the apk (in android studio).
Install the signed apk in your device.
Wait for five minutes.
Try singing in to google. If still 12501 is coming wait five more minutes. While doing that hit gradle sync.
Try again. It should work.

I have same problem too, Was resolved as follows:
I was made to delete the SHA1 previously thought and create and set new SHA1.
generate new google-services.json and set into my app directory
I was use exactly google developer codes
my result.isSucces() returned true after running the project
as summary, delete old sha1 and create new sha1 and download new google-services.json

I was facing the same 12501 status error. This is due to SHA-1 mismatch of release APK and debug APK.
Make a signed APK. To sign an APK, choose existing path of the keystore you have used for creating SHA-1. e.g. /.android/debug.keystore
Give alias-name : androiddebugkey
storepass and keypass : android.

I have developed lib to Add Google SignIn option in your app with just few lines of code. Try HiGoogle- Google SignIn Made Easy
Use Web application as server_client_id not Android application. Pass it in the HiGoogle constructor.