New Google sign in Android

I'm trying to get a user token ID using the new Google play services 8.3 and as documented I pass the server ID:

GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
    .requestIdToken(getString(R.string.server_client_id))
    .requestEmail()
    .build();

but I'm still getting un successful result as below:

{statusCode=unknown status code: 12501, resolution=null}

and documented here GoogleSignInStatusCodes

>The sign-in was cancelled by the user. i.e. the user cancelled some of the sign-in resolutions, e.g. account picking or OAuth consent. > >Constant Value: 12501

That is not my case, as I already picked an account. Any idea what could be the reason?

I had exactly the same problem and i have found the solution.

If you follow the documentation found here: https://developers.google.com/identity/sign-in/android/start-integrating

The first step tells you to create the configuration file (which creates an OAuth 2.0 client ID for you and inserts it into the google-services.json)

Then later, it says again about creating a OAuth 2.0 client ID, but this time it says that you have to do it for Web application

And this is the confusing part! (at least for me) because i was just taking the client id created for the android OAuth and not creating a new one for Web application (I thought the documentation was just redundant or something)

As it says, it is this one, and only this one the one you have to use as a parameter of the methods requestIdToken or requestServerAuthCode.

Forget about using the Android OAuth ID in this methods because then you will get all the time the ugly status code response 12501.

I think the main problem is that the documentation is a bit confusing about this. Or maybe because it is a bit strange the fact that you have to create two OAuth IDs.

So as a summary, you need TWO OAuth IDs, one for android and one for web application, and you have to set each one in the correct place.

I was struggling with this and wasted almost a week in it.

This is how I got it worked.

1. Import Project in AndroidStudio
2. Create debug keystore for project.
3. Create SHA1 signature for project using debug keystore.
4. Using SHA1 signature, register your app for Google Signin on Google Developer Console.
5. Generate a Google Configuration file there.(Put in Android Studio's app folder)
6. Use Web Client ID from OAuth 2.0 credentials in your Android Project.
7. Now, from Android Studio, generate debug build(APK) of your project.
8. Mount the device in your system -> copy this signed debug version of APK and install it.

Last three steps 6, 7 and 8, are what you actually need to take care of. If you directly run the project then APK is not actually signed with the debug keystore and google does not recognise it at all.

I had the same problem, after research solution it's resumed that server_client_id contained some incorrect value or your google_services.json didn't include oauth_client with client_id that registered with your keystore.

requestIdToken(getString(R.string.server_client_id))

R.string.server_client_id use OAuth 2.0 client ID for Web Application. And OAuth Client ID for Android use in google_services.json

Usually we use 2 keystore, 1 using debug keystore and 1 using signed keystore for published. So if we want to need in debug & publish mode, register your OAuth Client ID for Android twice, 1 using SHA1 from debug keystore and 1 from signed keystore for published.

small example in my google_services.json

  "oauth_client": [
    {
      "client_id": "xxx-client-id.com",
      "client_type": 1,
      "android_info": {
        "package_name": "com.app.android",
        "certificate_hash": "xxxhash"
      }
    },
    {
      "client_id": "yyy.client-id.com",
      "client_type": 1,
      "android_info": {
        "package_name": "com.app.android",
        "certificate_hash": "yyyhash"
      }
    }
  ],

I was getting the same issue, it was because I created client ID of application type Android

Instead, I deleted it and created client ID of type web application and I got rid of this issue.

Just figure out how to solve this... I was getting this error while trying to run the debug version of my app... To fix it, add a credential for your debug app on the developer console and also on the google-services.json.

this fixed it for me!

I had the same problem, and I solved with the following solution:

1. Create configuration file (google-services.json) as described here and place in your /app project directory
2. (As mentioned in other answers) Using Web application Client ID for requestIdToken method.
3. [My main problem] Sign your app if you work on debug mode like below:

> signingConfigs { > release { > storeFile file("myreleasekey.keystore") > storePassword "password" > keyAlias "MyReleaseKey" > keyPassword "password" > } > } > > buildTypes { > release { > ... > } > debug { > ... > signingConfig signingConfigs.release > } > }

Now I got it.

So first you must follow the upper answers saying:

1. create a OAuth client-id for web applications in the Google Developers Console and use it in requestIdToken() (get rid of status code 12501)
2. if you created a Android OAuth client-id for your production hash key, create a new Android OAuth client-id for your debug hash key and integrate it into your google-services.json. (get rid of status code 12500)

No longer valid And here comes the last Part:

3. you can not call requestIdToken() and requestEmail() at once. At least in my case I got rid of Result: Status{statusCode=INTERNAL_ERROR, resolution=null} by deleting requestEmail().

So good luck...

In my case, I also had to check that the debug SHA-1 was added as a valid OAuth Android client.

Use Web application as server_client_id not Android application

I had the same problem and I noticed that 12501 code was returned when my server_client_id contained some incorrect value.

Since there is no detailed message and the documentation of this error code is rather poor I don't know if your problem has the same cause as mine.

---

My application is based on Android code from this example (class IdTokenActivity). To make it work I also needed to integrate Google sign-in into my app:

• generated json config file with enabled Google Sign-In
• added Google plugin and dependency to my gradle file
• created OAuth client ID for this app and saved it in my project as server_client_id

Is your apk in debug mode? I think it only works with a signed apk.

1. Follow the ambiguous google's document.

2. Put google-services.json to your project directory

3. Set your gradle as https://stackoverflow.com/a/35216421/5886475

4. Set server_client_id in string.xml .It's your web client id not android client

A problem I had is that the SHA-1 I generated as with the incorrect alias. The alias MUST BE androiddebugkey . So I have put the Android OAuth ID at my google-service.json file. I have put the Web Client Id to requestIdToken(). And in my specific case, I generated the SHA-1 with androiddebugkey alias.

google-services.json:

"oauth_client": [
    {
      "client_id": "ANDROID OAUTH ID-.....apps.googleusercontent.com",
      "client_type": 1,
      "android_info": {
        "package_name": "br.com.packagename",
        "certificate_hash": "SHA-1 HASH"
      }
    },{
      "client_id": "WEB CLIEND ID......apps.googleusercontent.com",
      "client_type": 3
    }
 ]

Signing part:

GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
                .requestIdToken("WEB CLIEND ID......apps.googleusercontent.com")
                .requestEmail() 
                .build(); 

In place of R.string.server_client_id , just use R.string.default_web_client_id .

When you copy the google-services.json file into the app, it creates this string value automatically. You don't need to copy the key from google-services.json to string.xml It worked for me.

I solved this issue by Clicking Firebase Support in Android Studio, which may not be relevant to non-Firebase users.

1. Go to menu Tools->Firebase
2. Click Connect your app to Firebase, it will display as Connected in green once connection is successful
3. Click Add Firebase Authentication to your app button, it will also turn green.

NOTE: Having huge list of answers in this definitely confirm one thing. Google needs to update and keep the documentation fool proof.

If none of the above options work, do check whether you applicationId in app build.gradle is same as you package name.

Oviously first check your release sha1 key is correct or not. But if still it is not working and you ar using google play services 8.4.0 (i.e.compile 'com.google.android.gms:play-services:8.4.0'), the issue could be solved by modifying GoogleSignInOption object. Instead of:

GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
                    .requestEmail()  
       .requestIdToken("YOUR_WEB_API_ID.apps.googleusercontent.com")
                    .build();

You have to use :

GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
                .requestScopes(new Scope(Scopes.PLUS_LOGIN))
                .requestScopes(new Scope(Scopes.PLUS_ME))
                .requestEmail()
                .build();

This solves error returning statusCode=INTERNAL_ERROR OR statusCode=Error 12501 OR statusCode=Error 12500. Then this gso object could be used for creating GoogleApiClient as shown below:

 mGoogleApiClient = new GoogleApiClient.Builder(this)
                .enableAutoManage(this, this)
                .addApi(Auth.GOOGLE_SIGN_IN_API,gso)
               // .addApi(Plus.API, null)
                .addConnectionCallbacks(this)
                .addOnConnectionFailedListener(this)
               // .addScope(Plus.SCOPE_PLUS_LOGIN)
                .build(); 

Don't know why but SHA1 in android studio is changed automatically and that's why I am getting this error. To solve this I updated the SHA1 of my firebase project settings with the new SHA1 of my android studio and it started working again.

In my case, my Credentials for Client ID for Android on Google APIs Console only contained the SHA-1 for my release signed APK. Android Studio was using the default debug keystore to sign my debug builds, and in that case the debug keystore SHA-1 did not match the Android client SHA-1 online. My solution was to simply sign the debug builds with the release keystore.

In Android Studio, Build/Edit Build Types..., then select your debug build type and make sure Signing Config is set to your release certificate.

I had the same problem and error 12501 and non of of above did work for me.

My problem was I using google Default web api that generated for me. after creating my own web api error disappeared and worked fine!

these are working steps:

1. first I created SHA1 debug key and add to Firebase console. creating SHA1 from here.
2. create both web api and android OAuth 2.0 client ID from here
3. get generated google-service.json from Firebase console and put in app folder.
4. put this code for GoogleSignnOption

like this:

gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN).requestIdToken
                ("put the web app client Id that get from the link in developer console ")
                .requestEmail().build();

tip 1: I find out that you should create both android and web app Client Id to work.

tip 2: if you from Iran like me you can get the user from google but you can not AuthWithGoogle and result will fail in auth.signInWithCredential(credential) and you had to use some proxy for returning true.

this is the working full source of FireBaseAuthDemo in github:

hope help full

Try following these steps:

1. Clone the following project https://github.com/googlesamples/google-services

2. Follow the guide at https://developers.google.com/identity/sign-in/android/start

3. Use Web client (auto created by Google Service) and add it in requestIdToken(...)

    GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
       .requestEmail()  
       .requestIdToken("YOUR_WEB_API_ID.apps.googleusercontent.com")
       .build();
   

4. Make sure you are using the same keystore used which is added to Google project. For instance, if you have used the following command to generate SHA-1 key

    keytool -exportcert -list -v -alias androiddebugkey -keystore ~/.android/debug.keystore    
   

5. Then add the following code in app/build.gradle file inside android { ... } [Solved my problem]

    signingConfigs
    {
        debug 
        {
            storeFile file("/home/ashwin/.android/debug.keystore")
            storePassword "android"
            keyAlias "androiddebugkey"
            keyPassword "android"
        }
    }
   
    buildTypes
    {
        release
        {
            minifyEnabled false
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
        }
        debug
        {
            signingConfig signingConfigs.debug
        }
    }
   

Note: Your keyPassword and keyAlias should be the same used during generation of SHA-1 certificate.

If you are using the debug keystore to build the project, you need to add the SHA-1 fingerprint of debug.keystore on Firebase Console.

1. On your Firebase Console, open your Project
2. Go to Parameters. Tab General
3. At the end of this page, there is a field to add a Fingerprint SHA-1
4. Paste the SHA-1 in the console field.

To obtain SHA-1 of debug.keystore :

Mac/Linux :

keytool -exportcert -list -v -alias androiddebugkey -keystore ~/.android/debug.keystore

Windows :

 keytool -exportcert -list -v -alias androiddebugkey -keystore %USERPROFILE%\.android\debug.keystore

https://developers.google.com/android/guides/client-auth

That's all !

I had this problem too, after following Google's instructions for Automatically signing your app. If you are using this method to sign your apps, you will need to include the generated keystore fingerprint in your API credentials.

> On the project browser, right click on your app and select Open Module > Settings.

I found it less confusing to put the .jks file in my project's /app directory. In any case run this line on it.

keytool -list -v -keystore /home/user/keystores/android.jks

You will be prompted for a password. Not sure if it's the Key Password or Store Password because mine are the same. :|

The console will spit out a bunch of certificate fingerprints. Take the SHA1 one and punch it into your API credentials at the Google API Developer's Console. You will need to enter it for the Android client OAuth 2.0 client IDs even though you don't actually use that client_id in your app. If you are using other APIs for android, put the same SHA1 in the appropriate key credentials under API keys too.

Here is a new one. I was trying for 6 hours to login on the emulator with the id from my corporate Google Apps domain, to no avail, getting 12501 errors. On a hunch, I tried my personal gmail id and it worked. Ditto if I tried on my phone with my corporate id. It turns out the emulator did not have the proper Mobile Device Management settings to allow my corporate id to login.

So If I want to test on the emulator with this corporate id, I have to install Google Play Store, then the MDM software, and configure it.

From my weird experience with this error, I can say that you also need to try to reboot your phone in order to get rid of this error :) I was implemented Google Sign In using G Suite accounts which have a device policy assigned via Google Admin. So on the first sign in it was requiring to install Device Policy app. After all later steps completed, it was just throwing 12501 error. Same time the same app was working fine on other phones. So only reboot helped. But helped

Though already many upvoted answers exist in this question, I struggled to understand the logic. So, I come up with my research.

• Create a app using correct package name & Signing-certificate fingerprint SHA-1 https://developers.google.com/mobile/add?platform=android&cntapi=signin
• Enable google sign-in
• Generate the configuration file.

To get SHA-1, run this in terminal:

keytool -exportcert -keystore path-to-debug-or-production-keystore -list -v

About OAuth 2.0 client IDs

• OAuth for the web (In app this is used as server_client_id)
• OAuth for android (This needs to be created using correct package name & Signing-certificate fingerprint SHA-1).

>If you are using the different keystore for debug & release, you need to create separate OAuth 2.0 client IDs using respective package name & SHA-1.

You can create or edit your OAuth 2.0 client IDs here https://console.developers.google.com/apis/credentials?project=

1. Navigating to your app.
2. If you already have a OAuth for Android, click in its name & check the package name & SHA-1.

We can use the same keystore for both debug & release by saving the keystore details in global(local, not inside project) gradle.properties & getting it in build.gradle as below.

def key_alias = ""
def key_password = ""
def store_file = ""
def store_password = ""

try {
    key_alias = YOUR_KEY_ALIAS
    key_password = YOUR_KEY_PASSWORD
    store_file = YOUR_KEYSTORE_PATH
    store_password = YOUR_KEYSTORE_PASSWORD
} catch (Exception exception) {
    throw new IllegalStateException('Failed to find key store details. Social Login is disabled');
}

android {
	signingConfigs {
        config {
            keyAlias key_alias
            keyPassword key_password
            storeFile file(store_file)
            storePassword store_password
        }
    }

    buildTypes {
        debug {
            signingConfig signingConfigs.config
            // ...
        }
        release {
            signingConfig signingConfigs.config
            // ...
        }
    }
}

You can use below snippet

@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
    super.onActivityResult(requestCode, resultCode, data);
    if (requestCode == REQUEST_CODE_GOOGLE_SIGN_IN) {
        GoogleSignInResult result = Auth.GoogleSignInApi.getSignInResultFromIntent(data);
        if (result.isSuccess()) {
            // ...
        } else if (result.getStatus().getStatusCode() == CommonStatusCodes.NETWORK_ERROR) {
            // No internet connection
        } else if (result.getStatus().getStatusCode() == CommonStatusCodes.DEVELOPER_ERROR) {
            // Wrong server OAuth key(server_client_id)
        } else if (result.getStatus().getStatusCode() == 12501) {
            // Wrong app signing-certificate fingerprint SHA1
        } else {
            Log.e("Google sign in error", result.getStatus().toString());
        }
    }
}

> Note: If you enabled only Google Sign-In when you generated the configuration file, you need not to add the google-servies.json file in your project.(generating the file performs the necessary configuration steps).

1.Specify signingConfigs in your gradle file

signingConfigs {
        config {
            keyAlias 'appalias'
            keyPassword 'hunter123'
            storePassword 'hunter123'
            storeFile file('path/to/keystore.jks')
        }
}

2.Go to Build Types in Project Structure (in Android Studio) and specify signingConfigs to "config"

Now clean your project and build again. It should work.

If the above doesn't work then below is your last resort.
Try step one and build and check. If it's not working go to next step and try to build again.

1. Build a signed apk (With remember password checked).
2. Before signing check the filename of the keystore file and the one yo give in while signing the apk (in android studio).
3. Install the signed apk in your device.
4. Wait for five minutes.
5. Try singing in to google. If still 12501 is coming wait five more minutes. While doing that hit gradle sync.
6. Try again. It should work.

Since the app requests Google sign in from web view we need to create web application auth client id v2.0

1. Go to [Google API Credentials][1] and Choose your Android project from Top Left corner [2]

2. Click on Create Credentials --> OAuth Client Id --> Choose Web Application

3. Click Ok

4. Now , if you have synced Android Studio with Firebase (logged in) just rebuild the project Otherwise Download updated google-services.json file and replace the existing one.

It should work fine.

[1]: https://console.developers.google.com/apis/credentials "Google API Credentials" [2]: https://i.stack.imgur.com/P3s7j.png

I have same problem too, Was resolved as follows:

> 1. I was made to delete the SHA1 previously thought and create and set new SHA1. > > 2. generate new google-services.json and set into my app directory > > 3. I was use exactly google developer codes > > 4. my result.isSucces() returned true after running the project

as summary, delete old sha1 and create new sha1 and download new google-services.json

I was facing the same 12501 status error. This is due to SHA-1 mismatch of release APK and debug APK.

1. Make a signed APK. To sign an APK, choose existing path of the keystore you have used for creating SHA-1. e.g. /.android/debug.keystore
2. Give alias-name : androiddebugkey
3. storepass and keypass : android.

I have developed lib to Add Google SignIn option in your app with just few lines of code. Try HiGoogle- Google SignIn Made Easy

Use Web application as server_client_id not Android application. Pass it in the HiGoogle constructor.

I had the same problem. I probably didn't follow the steps properly when I first created the google-services.json and added firebase to project, and even after trying all the steps described here I couldn't fix the problem. I finally managed by connecting to firebase from within android studio as described here. I went through the first two steps and compiled again, the code finally worked.