Google SignIn Fails with code 10 (on Android)

[sudarsangp]

Step 1: Describe your environment

• Device: Xiaomi Redmi Note 3
• OS version: 6.0.1
• MIUI version MIUI Global 9.2

Step 2: Describe the problem:

Throws Error after choosing Google account

com.google.samples.quickstart.signin W/SignInActivity: signInResult:failed code=10

Steps to reproduce:

1. Clone the repository and Launch SignIn App (under Android)
2. Click SignInActivity
3. Click Google Sign In button
4. Choose your Google Account
5. Logs above error in Logcat

[ibnahmadbello]

I have also been getting the same error response for the past few days; I have been trying to fixed the problem but no breakthrough and I learnt that the response code (10) means it is a developer problem. I hope someone can profer a solution here.

[makeze]

Same issue.

[samtstern]

Hi all. Error code 10 is DEVELOPER_ERROR: https://developers.google.com/android/reference/com/google/android/gms/common/api/CommonStatusCodes.html#DEVELOPER_ERROR

This almost certainly means you have not properly registered your SHA1 and Package Name in the Google API console: https://developers.google.com/identity/sign-in/android/start

If you are 100% sure that you have done this correctly, make sure that your GoogleSignInOptions are correct. In particular, make sure the web client ID (if you're using it) belongs to the same project where you registered your package name and SHA1.

I am going to close this issue since that's the best advice I can provide with the limited information above.

[ibnahmadbello]

I just cross-check my SHA1 and discovered a mistake. I have fixed it and the Google sign-in is working as expected. My initial SHA1 was gotten via the terminal while I got the present one via Android studio. Maybe @makeze and @sudarsangp can try something like that if it works. @samtstern thanks for the tip.

[sudarsangp]

@samtstern sorry for the trouble it was indeed a misconfiguration issue. @ibnahmadbello thanks for the suggestion.

I still have a question though. I am trying out SignInActivity and I don't see any usage of server_client_id in SignInActivity.java. Does Google Identity service check whether the project (in google cloud) has a valid OAuth 2.0 client ID with the same package name (as the app) in order to allow Signing In?

[samtstern]

@sudarsangp the web server client ID is used to mint the ID token, so that it's signed for the right "audience". It's actually not required for signing in, but we recommend that after you sign in you use the ID token to authenticate to your server or to another service (like Firebase Auth) if you need to (rather than an access token, which is dangerous)

[randallto]

I am new to android development and had opted in for google play app signing. My debug release worked fine but when publishing to internal test release it would fail. I realized the app is being resigned upon uploading to google so I registered using signing keys from google play portal and that fixed it. Oddly enough, examining the gradle signing report would only show sha1 for debug builds and not for release builds no matter I had selected the release keystore. Thankfully for now it is not an issue using google play signing.

[ghost]

Google is getting more and more ugly, they're making simple things complicated. The problem is the third key,

1、the debug key

2、the release key

3、Google Play App signing key

You need THREE keys to figure out ONE Google SignIn.

Does facebook also need three keys? Maybe one day google will need 30 keys.

[akashdmahali]

@mike1128 yeah, Facebook too requires 3 keys if you've signed up for Google Play App signing. Refer to this article.

[erlangparasu]

thanks @samtstern

[milogus]

I just cross-check my SHA1 and discovered a mistake. I have fixed it and the Google sign-in is working as expected. My initial SHA1 was gotten via the terminal while I got the present one via Android studio. Maybe @makeze and @sudarsangp can try something like that if it works. @samtstern thanks for the tip.

It works for me, thanks ;)

[rady-ben]

hi @ibnahmadbello I had the same problem when I was using sh1 generated from the commande line. but when I used android studio I get an other key and it work. thank you

[antranvn]

Hello @rady-ben , what is your way to get sha1 from android studio?

[ripple666]

优秀

[technologyshare]

This error might happen if you are not using same project at console.developers.google and console.firebase.google.com. If project is same at both console make sure you have add your SHA1 Key properly. Get SHA1 from Android studio.

Open Android Studio Open your Project Click on Gradle (From Right Side Panel, you will see Gradle Bar) Click on Refresh (Click on Refresh from Gradle Bar, you will see List Gradle scripts of your Project) Click on Your Project (Your Project Name form List (root)) Click on Tasks Click on Android Double Click on signingReport (You will get SHA1 and MD5 in Run Bar(Sometimes it will be in Gradle Console)) Select app module from module selection dropdown to run or debug your application 
 You also need to get google-services.json from firebase console and put into your project.

[deadsoul44]

@technologyshare there is no Gradle Bar. How to turn it on?

[antranvn]

@technologyshare: do we need to submit Oauth screen?

[technologyshare]

@technologyshare there is no Gradle Bar. How to turn it on?

Check in the right side

[technologyshare]

@technologyshare: do we need to submit Oauth scre

@technologyshare: do we need to submit Oauth screen?

if you are integrating it from web than you need to pass oauth screen, if you are doing only by phone. No Need

[raunak-many-ac]

When i release my app to playstore in beta mode the same server_client_ID doesn't works and i get error in:

    Task<GoogleSignInAccount> task = GoogleSignIn.getSignedInAccountFromIntent(data);

ApiException: 10

[yaugenka]

I'm quite new to Android development and was struggling with the error as well. I used Android Studio terminal to get the fingerprint. First I created a debug one by calling keytool -alias androiddebugkey -keystore %USERPROFILE%\.android\debug.keystore -list -v and everything worked well. Then I tried a fingerprint from a release keystore generated like so keytool -keystore path-to-production-keystore -list -v and got the error. The problem turned out to be in using release key in a debug build. As soon as I generated a release build signed with the same keystore the problem has gone.

[dk3dani]

I have an application giving this error but it already had the key.jks and I can't reuse it?

[yaugenka]

It can be reused after deleting previous ids. Go to credentials and delete the old OAuth 2.0 Client IDs. Then generate a new fingerprint with keytool -keystore path-to-production-keystore -list -v in Android Studio terminal and click on the blue Configure a project button at sign-in start (step 2). Install the client Id which the wizard will provide you at the end and finally generate a release build signed with the same .jks.

[sirnornur]

I'm quite new to android development and in my case it was caused by a wrong package name in app/build.gradle file.

Although, the tutorial and the configuration page suggests to get the package name from the manifest file, it seems it is checked against the applicationId in the app/build.gradle file.

There are two places to set the package name I've found so far: 1) app/src/main/AndroidManifest.xml 2) app/build.gradle android.defaultConfig.applicationId

In my case those two names were different. Earlier I had updated the package name in the first file but forgot to update in the build.gradle file.

Hope this helps someone.

[yaugenka]

After release to the store I found signin not working again and it turned out that you need to create a third key with your app's fingerprint from the Play Store developer console because google re-signs published builds with a different certificate. To sum it up you need to create four OAuth client ids in Google API console: 1 Web client id - this and only this one must be defined in your mobile app for all build types 3 Android client ids (with debug, release and publish fingerprints)

[Nikoloutsos]

I fixed it by doing the following steps:

1) Go console developer google 2) Click on create a new OAuth client ID 3) Make your Server client id by selecting web application 4) Create an android client id by selecting android 5) Use your app's package identifier and SHA1 fingerprint*

• IMPORTANT: you may need to create many android client id for the same app. One for debugging and one for release version. Debugging version has different SHA1 fingerprint than release.

To find out how to get SHA1 fingerprint for your app see previous comments or google it, you will find a lot of resource.

[shi-yan]

even if the problem is on the developer side, the error message is so terrible. It's also confusing, because our app uses only the web application client id, and if the android app SHA1 miss-matches, you still see the issue. A better error message will save people time. This, at least, deserves a fix in the error message or the document.

[Mr-Ramzan]

I hope this might help someone. I was facing the same issue after changing Keystore for my Project due to run into a signing problem.

I was giving SHA1 keys to the firebase console as well as the API console credentials.

I was giving SHA1 generated by circled area but when I put the one from the highlighted one i.e. app module. It worked.

[HaripriyaB]

one question..I tried to implement google sign in method without adding my SHA1 key to firebase and it was not signing in.. So is it compulsory to add our SHA1 key to firebase for google sign in to work?

[Mr-Ramzan]

Documentation does no suggest. there might be some other issue

one question..I tried to implement google sign in method without adding my SHA1 key to firebase and it was not signing in.. So is it compulsory to add our SHA1 key to firebase for google sign in to work?

[NehaVerma993]

This error might happen if you are not using same project at console.developers.google and console.firebase.google.com. If project is same at both console make sure you have add your SHA1 Key properly. Get SHA1 from Android studio.

Open Android Studio Open your Project Click on Gradle (From Right Side Panel, you will see Gradle Bar) Click on Refresh (Click on Refresh from Gradle Bar, you will see List Gradle scripts of your Project) Click on Your Project (Your Project Name form List (root)) Click on Tasks Click on Android Double Click on signingReport (You will get SHA1 and MD5 in Run Bar(Sometimes it will be in Gradle Console)) Select app module from module selection dropdown to run or debug your application 
 You also need to get google-services.json from firebase console and put into your project.

this is the one and absolute answer every one is looking for, thanks

[neelspansare]

I just cross-check my SHA1 and discovered a mistake. I have fixed it and the Google sign-in is working as expected. My initial SHA1 was gotten via the terminal while I got the present one via Android studio. Maybe @makeze and @sudarsangp can try something like that if it works. @samtstern thanks for the tip.

Thanks, for development SHA1 via Android studio worked, terminal SHA1 was not working.

[jeanraymonddaher]

generate ur key using the gradle task as opposed to getting the key from the terminal . that was my issue !

[IbrahimDisouki]

Check that if you still suffering from this issue. I thought that I can add SHA-256 or SHA1 but you must add SHA1 to get it to work.

[danielnordh]

We do not use Firebase, just the Outh2 client ID generated in console.developers.google.com

Turned out the issue was that the debug SHA1 fingerprint from keytool was DIFFERENT from the one in gradle signingreport. The latter worked, the former did not.

[nareshkumar198]

I fixed this problem, Go console developer google Go to My project Which I have to face the problem Go credentials, And Open OAuth Client Change the SHA-1 certificate fingerprint key

[ahmadbajwa12315]

hello everyone I have added SH1 in project and console and also configure my project with console. The release APK work fine before uploading to play store after I uploaded in play store it did not work and give me code 10 error. Now you can see there are three keys in console I'm using third one in GoogleSignInOptions here is the code. Help me to resolve this guys. GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN) .requestIdToken(getString(R.string.AUTH_ID)) .requestEmail() .build();

[Mr-Ramzan]

hello everyone I have added SH1 in project and console and also configure my project with console. The release APK work fine before uploading to play store after I uploaded in play store it did not work and give me code 10 error. Now you can see there are three keys in console I'm using third one in GoogleSignInOptions here is the code. Help me to resolve this guys. GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN) .requestIdToken(getString(R.string.AUTH_ID)) .requestEmail() .build();

use the second one and make sure it is not restricted to the platform you are using it in.

[Mr-Ramzan]

We do not use Firebase, just the Outh2 client ID generated in console.developers.google.com

Turned out the issue was that the debug SHA1 fingerprint from keytool was DIFFERENT from the one in gradle signingreport. The latter worked, the former did not.

yes, usually android studio generates the SHA1 key using the default Keystore. which changes for production builds as the same Keystore is not used in the signing apk. Now if that apk calls for services that have changed SHA1 value gets an error in response.

[ahmadbajwa12315]

hello everyone I have added SH1 in project and console and also configure my project with console. The release APK work fine before uploading to play store after I uploaded in play store it did not work and give me code 10 error. Now you can see there are three keys in console I'm using third one in GoogleSignInOptions here is the code. Help me to resolve this guys. GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN) .requestIdToken(getString(R.string.AUTH_ID)) .requestEmail() .build();

use the second one and make sure it is not restricted to the platform you are using it in.

After Uploading to play store, Play store generate its own SH1 which we have to replace in second key in google console.

[ideepakmathur]

Instead of trying everything as stated above, I'm getting the same err 10.

Generated SHA Added to GCP Enabled Google Sig-in in Firebase Added the Same SHA-1 there

Am I doing it right, please help.

[jkbngl]

For me the issue was that I created the app in debug mode, but used a production keystore, adding the debug keystore in firebase fixed the issue for me:

keytool -alias androiddebugkey -keystore "%USERPROFILE%"\.android\debug.keystore -list -v

[abdullahalamodi]

when I run the app on the emulator it's working fine but when I generate signed apk it's show me this error ?? any advices

[AndroidDeveloperLB]

@samtstern

the web server client ID is used to mint the ID token, so that it's signed for the right "audience". It's actually not required for signing in, but we recommend that after you sign in you use the ID token to authenticate to your server or to another service (like Firebase Auth) if you need to (rather than an access token, which is dangerous)

I needed to use the id-token, so I created a web-application oauth credential, used it and this is how I create the sign-in:

    fun prepareIntent(context: Context): Intent {
        val googleClientId = context.getString(R.string.server_client_id)
        val options =
            GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
                .requestServerAuthCode(googleClientId)
                //                .requestEmail()
                .build()
        val mSignInClient = GoogleSignIn.getClient(context, options)
        return mSignInClient.signInIntent
    }

And to get the id-token, I have this function:

    @NonNull
    @WorkerThread
    public static String setUp(final Context context, @Nullable final String serverAuthCode) throws IOException {
        final HttpTransport httpTransport = new NetHttpTransport();
        final JacksonFactory jsonFactory = JacksonFactory.getDefaultInstance();
        final String redirectUrl = "urn:ietf:wg:oauth:2.0:oob";
        final String clientId = context.getString(R.string.server_client_id);
        final String clientSecret = context.getString(R.string.client_secret);
        final GoogleTokenResponse tokenResponse = new GoogleAuthorizationCodeTokenRequest(
                httpTransport, jsonFactory,
                clientId, clientSecret,
                serverAuthCode, redirectUrl).execute();
        final String accessToken = tokenResponse.getAccessToken();
        return accessToken;
    }

So I call this to reach this function and get it (in background thread) :

GoogleSignIn.getLastSignedInAccount(this)
val serverAuthCode = result.serverAuthCode
setUp(applicationContext, serverAuthCode)

This works, but for some reason, when I run the app and choose the Google account, I also get a dialog of "confirm your choices" :

How so? All I need is the id-token, which the server can verify it's from a real account on its side (maybe get the email out of it there).

Is it even the correct way to get the id-token? I couldn't find where I got this code from (an old code)... I've found a different one (here), using GoogleAuthUtil.getToken(context, googleSignInAccount.account, "oauth2:profile email") , but I get a different token.

[saurabhdtu]

Hi I am facing this issue. https://github.com/flutter/flutter/issues/33393#issuecomment-832855222. I have raised it. Can someone take a look.

[thuantvDr4]

Hi all. Error code 10 is DEVELOPER_ERROR: https://developers.google.com/android/reference/com/google/android/gms/common/api/CommonStatusCodes.html#DEVELOPER_ERROR

This almost certainly means you have not properly registered your SHA1 and Package Name in the Google API console: https://developers.google.com/identity/sign-in/android/start

If you are 100% sure that you have done this correctly, make sure that your GoogleSignInOptions are correct. In particular, make sure the web client ID (if you're using it) belongs to the same project where you registered your package name and SHA1.

I am going to close this issue since that's the best advice I can provide with the limited information above.

My issue, root cause is SHA1! we must copy SHA1 at task = "signingReport" and variant = "debugAndroidTest" like this =

[sahilpatel09]

I just cross-check my SHA1 and discovered a mistake. I have fixed it and the Google sign-in is working as expected. My initial SHA1 was gotten via the terminal while I got the present one via Android studio. Maybe @makeze and @sudarsangp can try something like that if it works. @samtstern thanks for the tip.

Worked for me. Thanks brother

[nitinsurana]

After release to the store I found signin not working again and it turned out that you need to create a third key with your app's fingerprint from the Play Store developer console because google re-signs published builds with a different certificate. To sum it up you need to create four OAuth client ids in Google API console: 1 Web client id - this and only this one must be defined in your mobile app for all build types 3 Android client ids (with debug, release and publish fingerprints)

Strange, but this worked! I literally used the client_id from oauth_2.0_client_ids for type:webApplication in my android source-code. Earlier, I was using the client_id from oauth_2.0_client_ids for type:android in my android source-code

[Jmiguel14]

I had the same problem, I recomend to follow this: https://github.com/CodetrixStudio/CapacitorGoogleAuth/issues/15#issuecomment-515935930 so useful.

[Anirban-Chand]

I just cross-check my SHA1 and discovered a mistake. I have fixed it and the Google sign-in is working as expected. My initial SHA1 was gotten via the terminal while I got the present one via Android studio. Maybe @makeze and @sudarsangp can try something like that if it works. @samtstern thanks for the tip.

In my case, I tried both from terminal and Android Studio. Both are the same and not working.