This error might happen if you are not using same project at console.developers.google and console.firebase.google.com. If project is same at both console make sure you have add your SHA1 Key properly. Get SHA1 from Android studio.

  1. Open Android Studio
  2. Open your Project
  3. Click on Gradle (From Right Side Panel, you will see Gradle Bar)
  4. Click on Refresh (Click on Refresh from Gradle Bar, you will see List Gradle scripts of your Project)
  5. Click on Your Project (Your Project Name form List (root))
  6. Click on Tasks
  7. Click on Android
  8. Double Click on signingReport (You will get SHA1 and MD5 in Run Bar(Sometimes it will be in Gradle Console))
  9. Select app module from module selection dropdown to run or debug your application 
 You also need to get google-services.json from firebase console and put into your project.

I landed into the same problem and wasted hours. On digging deeper into OAuth and OpenId, I figured out the reason. We are doing a conceptual error here.

For android or any other platform (except web), you need to create at least two types of client id in the same project of google API console. These Client ID types are:

  1. Web Application
  2. Android

You can create them in any order. While creating Android type Client Id, you need to give package name and SHA1. While creating Web Application Id, you just need to give a name.

You don't need to do anything with any of these id's further until you want to verify the user at your backend. In other words, if you want your backend server to ask google server about this user's information, then only you would need Web Application Id. The conceptual flow is as follows:

  1. First send Web Application Client Id from Android App to Google Sign-in Server as an additional option using requestIdToken(your_web_app_client_id).
  2. You will get back a token in Android app upon user's sign in.
  3. Send this token to your backend.
  4. Now your backend can exchange this token with Google Servers to get user's information

Send this Web Appplication Client Id from Android App to backend server.

Use this Web Application Id if you want to verify user at your backend.


The answer for me was that you actually need to combine the two main answers given here:

  1. Make sure that you created Google OAuth client ids for Android (one for Debug and one for release) and then assure that they have assigned the right SHA1 as described in the accepted answer.

  2. Then you also need to create an OAuth client ID for Web and use that one for the actual SignIn:

    GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
        .requestIdToken(WEB_CLIENT_ID)
        .requestEmail()
        .build();               
    

I've found another source of the problem.

In my case the keys were alright, but applicationId field in build.gradle script differed from app's package name.

Small research showed that applicationId field value takes some kind of "precedence" before app's package name conserning Google autentication.

After commenting applicationId line in build.gradle, app autenticates itself in Google by package name.


I fixed this problem this way

 GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
                .requestIdToken(getString(R.string.AUTH_ID))
                .requestEmail()
                .build();

where my AUTH_ID is enter image description here