"Developer error: this application is misconfigured" Google sign in on firebase with whitelisted client id

Question

I'm trying to migrate to firebase auth on my android app. The package name and SHA1 are currently associated with an old app engine project (which I don't want to upgrade to firebase) and therefore I can't add the SHA1 fingerprint to my new firebase project. The app engine project is currently in production, so I can't remove the android client ids or delete the project. The documentation here https://support.google.com/firebase/answer/6401008?authuser=0 says that I should be able to whitelist the client IDs of the old app engine project. However when I do this and then try to log in to the app with google using firebase auth I get the following error "Developer error: this application is misconfigured. Check your SHA1 and package name in the Firebase console."

I have also tried the instructions here https://firebase.googleblog.com/2016/12/working-with-multiple-firebase-projects-in-an-android-app.html which involve passing in a GoogleSignInOptionsobject into the AuthUI builder with a web client id from the appropriate project like so:

private void StartLoginActivity() {

    GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
            .requestIdToken("<my-client-id>.apps.googleusercontent.com")
            .requestEmail()
            .build();

    List<AuthUI.IdpConfig> providers = Arrays.asList(
            new AuthUI.IdpConfig.EmailBuilder().build(),
            new AuthUI.IdpConfig.GoogleBuilder().setSignInOptions(gso).build());

    startActivityForResult(
            AuthUI.getInstance()
                    .createSignInIntentBuilder()
                    .setAvailableProviders(providers)
                    .build(),
            RC_SIGN_IN);
}

but when I do that I get the error java.lang.IllegalArgumentException: two different server client ids provided

So my question is how can I configure my firebase project to enable auth when the SHA1 is associated with an existing GCP project?

Answer 1

I got the following response from firebase support and was able to get this working:

Google sign in with FirebaseUI is configured through the google-services.json >file. The issue is that if you are using an OAuth client ID from a different >project, the default_web_client_id will be configured incorrectly. It will be >pointing to the auto generated web client id of your new Firebase project; we >don't want this.

In step 1 of https://developers.google.com/identity/sign-in/android/backend->auth, we call #requestIdToken(getString(R.string.server_client_id)). In >firebaseUI, this is also done and this resource is 'default_web_client_id' - >generated by google-services.json. This needs to be changed.

So to resolve the issue you need to use the web OAuth client ID from project >#1, you can do this by either:

Changing the google-services.json file - you'd need to change the client_id >fields to the correct web client id from project #1 You also need to whitelist (Auth > Sign In Providers > Google) the web client >OAuth from project#1 to project#2

Not use google-services.json so you can set the default_web_client_id himself. We made a guide for this, see here.

Here's the process I followed to get this working:

1. Go to GCP Console > Select old project > Apis and services > Credentials

2. Create credentials > OAuth client ID

3. Select Web application

   • Enter a name
   • Leave Javascript origins and authorized redirect URLS blank

4. Copy the client id

5. Open firebase console

6. Go to authentication > sign-in method > google
7. Whitelist the new client id > add > save
8. Go back to settings > add firebase to your android app
   • Add your android package name
   • Leave signing certificate empty
9. Click register app
10. Download & open google-services.json

11. In oauth_client there will be an entry for each oauth client id in your app (FYI these can be seen on the GCP console under Apis and services > Credentials).

12. Delete the whole oauth_client tag and replace with "oauth_client": [ { "client_id": "<your_new_client_id>", "client_type": 3 } ], If you need any of the other oauth clients then make sure that the whitelisted one is at the top as this seems to be the default.

13. Save the file & copy into your android app module.

14. Make sure you have the following dependencies:

    • project root build.gradle
    • classpath 'com.google.gms:google-services:4.0.0'
    • app module build.gradle
    • compile 'com.google.firebase:firebase-core:16.0.0'
    • compile 'com.firebaseui:firebase-ui-auth:4.0.0'

15. Build & Run your project

If you get this error (with no futher details): BasicNetwork.performRequest: Unexpected response code 400 for https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyAssertion?alt=proto&key=AIzaSyBJL6EO8vMEJpyWUCAKP8ZgH4LYR0Hrwpk

Check your gradle dependendies are set to the versions above (or higher)

If you get this error: com.google.firebase.FirebaseException: An internal error has occurred. [ Invalid Idp Response:the Google id_token is not allowed to be used with this application. Its audience (OAuth 2.0 client ID) is <your-client-id>, which is not authorized to be used in the project with project_number: <your-project-number>. ]

Try removing & re-adding your whitelisted client id on the firebase console.