Error 12501 authenticating with google sign-in

I'm using google sign-in services to authenticate users that use my app. I got it to work when I just requested email information

GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
                    .requestEmail().build();

Then, I figured out I also need to request ID token to be able to authenticate with my backend so I did:

GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
                    .requestIdToken(String.valueOf(R.string.server_client_id))
                    .requestEmail().build();

The problem is that it wouldn't let me log in after the changes. The status I keep getting each time I try to login is Status{statusCode=unknown status code: 12501, resolution=null}.

I've been searching around and I found this post that is pretty much about the same thing. However, I didn't make any of the mistakes named by the people who answered, the oAuth Client ID in my dev console is for web application: And R.string.server_client_id is the first client ID from the picture. the package names are of course correct in all placed otherwise it wouldn't even work without the token request. 2 people also suggested that the app needs to be signed for this to work, but googles documentation says that debug key should work too, and it doesn't make sense to make people sign the apps for debugging.

I've been trying to figure this out for hours but with no success. What could be the problem? Please feel free to request more information I might have forgotten to put here.

Solution 1:

Well, this is very embarrassing, but I figured it out:

GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
                    .requestIdToken(AuthenticatedActivity.this.getResources().getString(R.string.server_client_id))
                    .requestEmail().build();

I was sending it the resource ID instead of dereferenced string resource.

Solution 2:

Obviously first check your release sha1 key is correct or not. But if still it is not working and you ar using google play services 8.4.0 (i.e.compile 'com.google.android.gms:play-services:8.4.0'), the issue could be solved by modifying GoogleSignInOption object. Instead of:

GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
                    .requestEmail()  
       .requestIdToken("YOUR_WEB_API_ID.apps.googleusercontent.com")
                    .build();

You have to use :

GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
                .requestScopes(new Scope(Scopes.PLUS_LOGIN))
                .requestScopes(new Scope(Scopes.PLUS_ME))
                .requestEmail()
                .build();

This solves error returning statusCode=INTERNAL_ERROR OR statusCode=Error 12501 OR statusCode=Error 12500. Then this gso object could be used for creating GoogleApiClient as shown below:

 mGoogleApiClient = new GoogleApiClient.Builder(this)
                .enableAutoManage(this, this)
                .addApi(Auth.GOOGLE_SIGN_IN_API,gso)
               // .addApi(Plus.API, null)
                .addConnectionCallbacks(this)
                .addOnConnectionFailedListener(this)
               // .addScope(Plus.SCOPE_PLUS_LOGIN)
                .build(); 

See this for detail: Google signin not working on release version of android

Solution 3:

Make sure you added the SHA-1 fingerprint for your (release) signing key to the Firebase console

Find your SHA1 key: keytool -exportcert -list -v -alias <your-key-name> -keystore <path-to-production-keystore>

Add it to the firebase console: go to https://console.firebase.google.com, select your app, select settings.