Android Auth Error: "GetToken failed with status code: INVALID_AUDIENCE"

Question

There are a couple of questions about this vague error code already, but none have solved this issue for me, so I'll try again. First, here is the boilerplate code for signing in.

      GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
        .requestEmail()
        .requestServerAuthCode("web app client ID copied from Dev API Console", false)
        .build();


  mGoogleApiClient = new GoogleApiClient.Builder(this).enableAutoManage(this, this).addApi(Auth
        .GOOGLE_SIGN_IN_API, gso).build();

  Intent signInIntent = Auth.GoogleSignInApi.getSignInIntent(mGoogleApiClient);
  startActivityForResult(signInIntent, RC_SIGN_IN);

With this code, I get a dialog and can select the appropriate user account. Yay! However, I then get a canceled code in onActivityResult, so I check logcat and notice the error message in the title. Then I search for other people with this issue, but haven't been able to figure out what the issue is in my case.

So let's check off common issues from other posts.

• The Firebase console shows my app is registered with the correct SHA-1 and SHA-256 fingerprints
• Both release and debug builds use the same keystore
• In the Google API manager, my "OAuth consent screen" is configured
• I've also verified the domain of the authorized redirect URIs
• I've re-downloaded the Firebase GoogleServices.json file, just to be sure
• There are no package name issues. In fact, Firebase Analytics has been running just fine on this app in the wild
• In the Play Store dev console, my OAuth client shows up in "Settings->API access"
• My Firebase project is linked in the Play Store dev console "Linked Accounts" settings section
• I've waited 10 hours, just to see if Google's backend would take time to set this up

For searchability, right after the logcat error message in the title, I get the following logcat print.

You have wrong OAuth2 related configurations, please check. Detailed error: INVALID_AUDIENCE

Answer 1

Your Web Client ID has to be generated in the same user account as Firebase, not your Play Store account. In my case, the two accounts are separate, and Google throws this error instead of linking the information properly. My Firebase account is linked to my Play Store account but that apparently doesn't mean the web client ID will be shared. I tried some other solutions such as linking the API Manager accounts, and that didn't work either. You must create the Web Client ID inside the same project Firebase uses in the API Manager account that is the same as your Firebase account.