Error 12501 authenticating with google sign-in

I'm using google sign-in services to authenticate users that use my app. I got it to work when I just requested email information

GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
                    .requestEmail().build();

Then, I figured out I also need to request ID token to be able to authenticate with my backend so I did:

GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
                    .requestIdToken(String.valueOf(R.string.server_client_id))
                    .requestEmail().build();

The problem is that it wouldn't let me log in after the changes. The status I keep getting each time I try to login is Status{statusCode=unknown status code: 12501, resolution=null}.

I've been searching around and I found this post that is pretty much about the same thing. However, I didn't make any of the mistakes named by the people who answered, the oAuth Client ID in my dev console is for web application: And R.string.server_client_id is the first client ID from the picture. the package names are of course correct in all placed otherwise it wouldn't even work without the token request. 2 people also suggested that the app needs to be signed for this to work, but googles documentation says that debug key should work too, and it doesn't make sense to make people sign the apps for debugging.

I've been trying to figure this out for hours but with no success. What could be the problem? Please feel free to request more information I might have forgotten to put here.

Well, this is very embarrassing, but I figured it out:

GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
                    .requestIdToken(AuthenticatedActivity.this.getResources().getString(R.string.server_client_id))
                    .requestEmail().build();

I was sending it the resource ID instead of dereferenced string resource.

Obviously first check your release sha1 key is correct or not. But if still it is not working and you ar using google play services 8.4.0 (i.e.compile 'com.google.android.gms:play-services:8.4.0'), the issue could be solved by modifying GoogleSignInOption object. Instead of:

GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
                    .requestEmail()  
       .requestIdToken("YOUR_WEB_API_ID.apps.googleusercontent.com")
                    .build();

You have to use :

GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
                .requestScopes(new Scope(Scopes.PLUS_LOGIN))
                .requestScopes(new Scope(Scopes.PLUS_ME))
                .requestEmail()
                .build();

This solves error returning statusCode=INTERNAL_ERROR OR statusCode=Error 12501 OR statusCode=Error 12500. Then this gso object could be used for creating GoogleApiClient as shown below:

 mGoogleApiClient = new GoogleApiClient.Builder(this)
                .enableAutoManage(this, this)
                .addApi(Auth.GOOGLE_SIGN_IN_API,gso)
               // .addApi(Plus.API, null)
                .addConnectionCallbacks(this)
                .addOnConnectionFailedListener(this)
               // .addScope(Plus.SCOPE_PLUS_LOGIN)
                .build(); 

See this for detail: https://stackoverflow.com/questions/36473665/google-signin-not-working-on-release-version-of-android/36575882#36575882

Make sure you added the SHA-1 fingerprint for your (release) signing key to the Firebase console

Find your SHA1 key: keytool -exportcert -list -v -alias <your-key-name> -keystore <path-to-production-keystore>

Add it to the firebase console: go to https://console.firebase.google.com, select your app, select settings.

In my project I had a different applicationId in my gradle file than packagename in my manifest.xml and that was the source of my problem.

The android key I had to created needed to have the applicationId fqdn and NOT the package name (contrary to what google tells you) for it to work for me.

Thought I'd leave that here in case it saves time to someone.

1.Specify signingConfigs in your gradle file

signingConfigs {
        config {
            keyAlias 'appalias'
            keyPassword 'hunter123'
            storePassword 'hunter123'
            storeFile file('path/to/keystore.jks')
        }
}

2.Go to Build Types in Project Structure (in Android Studio) and specify signingConfigs to "config"

Now clean your project and build again. It should work.

If the above doesn't work then below is your last resort.
Try step one and build and check. If it's not working go to next step and try to build again.

1. Build a signed apk (With remember password checked).
2. Before signing check the filename of the keystore file and the one yo give in while signing the apk (in android studio).
3. Install the signed apk in your device.
4. Wait for five minutes.
5. Try singing in to google. If still 12501 is coming wait five more minutes. While doing that hit gradle sync.
6. Try again. It should work.

Edit: Google have added apk signing in the console. If you already signed your apk, ignore it OR if you want to use it be careful with it because it can break your current google signin settings

I had this issue when I accidentally used the client ID of the Android app instead of the Webapp as the requestIdToken() parameter.

You should use the Client ID of the Webapp there. By default it is called Web client (auto created by Google Service)

The <meta-data> from Androidmanifest.xml is outside of <application></application> enclosure. Thats why you get 12501 error

    <meta-data android:name="com.google.android.gms.games.APP_ID"
        android:value="@string/app_id" />
    <meta-data android:name="com.google.android.gms.version"
        android:value="@integer/google_play_services_version"/>

Have you already set up your signingConfigs and buildTypes in your Gradle? I've fixed it by explicitly specify those things on gradle. Read here http://developer.android.com/tools/publishing/app-signing.html

I had the same problem. The problem was that I somehow had the wrong "API Project" selected and therefore chose the wrong web client key. Obviously there were two OAuth2 server client IDs created in both of my API Projects while my attempts to get the demo app running.

I don't know how relevant this question is in 2019. However, Error code 12501 means:

> The sign in was cancelled by the user. i.e. user cancelled some of the > sign in resolutions, e.g. account picking or OAuth consent.

Check following link for more information:

https://developers.google.com/android/reference/com/google/android/gms/auth/api/signin/GoogleSignInStatusCodes.html#SIGN_IN_CANCELLED

I experienced a similar problem. In my case, it was because the server client ID that I was using was from a different project than the client keys. It turns out that they need to be from the same project.

Hi I have seen above comments but as I have done practical , its all sha issue , means if you will register the sha of particular ip address and get google.services json , that will perfect either you can use

   gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
            .requestEmail()
            .build();

or gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN) .requestIdToken(LoginActivity.this.getResources().getString(R.string.server_client_id)) .requestEmail().build(); but if you want to create app on other ip address with other machine sha is showing you 12501 error status code so for that you need to generate again sha for that particular machine . Thanks