[Google Auth] com.google.firebase.FirebaseException: An internal error has occured. [ Invalid Idp Response: id_token audience mismatch. ]

[Pierre Degand]

Hi,

I'm migrating my old Firebase app to the new one. 

I really like the new API to auth my users with Google, this is much simpler than the old way. 

However, i am having troubles to finalize the sign in flow.

After the Google Sign-In part of the flow (selecting the account, granting permissions), I retrieve the web token required to build a Credential to perform the Firebase sign in and I trigger the final sign-in.

But when the complete listener is called, the sign in fails with this error : 

W/signin: signInWithCredential :
com.google.firebase.FirebaseException: An internal error has occured. [ Invalid Idp Response: id_token audience mismatch. ]
                                                                    at com.google.android.gms.internal.zzacq.zzbN(Unknown Source)
                                                                    at com.google.android.gms.internal.zzacn$zzg.zza(Unknown Source)
                                                                    at com.google.android.gms.internal.zzacy.zzbO(Unknown Source)
                                                                    at com.google.android.gms.internal.zzacy$zza.onFailure(Unknown Source)
                                                                    at com.google.android.gms.internal.zzact$zza.onTransact(Unknown Source)
                                                                    at android.os.Binder.execTransact(Binder.java:453)

How can I be sure that I provided a proper id_token to the Credential and how can I sort this problem out ?

Thank you very much for the awesome product never the less :)

[Alfonso Gomez Jordana Manas]

Hello Pierre,

You have to manually whitelist your existing Google OAuth 2.0 client IDs in the Firebase console before using it with the new Auth APIs.

In order to do so, follow these steps:

1. Go to the Credentials section in the Google API Console.

2. Select from the top right corner the project where you had previously configured Google Sign-In.

3. Go to the OAuth 2.0 client IDs section

If you are using Google Sign-In on Android or iOS applications:

4. Take note of the Client ID string corresponding to all the entries registered for your applications.

5. Input these Client IDs into your Firebase project’s configuration:

1. Go to the Firebase console at https://console.firebase.google.com

2. Open the Auth section

3. Under Sign-In methods, open the Google configuration, and add there all you client IDs, to the whitelist of client IDs from external projects.

If you are using Google Sign-In on a web application:

4. Click to open your web client ID and take note of both the client ID and secret.

5. Input this Client ID into your Firebase project’s configuration:

1. Go to the Firebase console at https://console.firebase.google.com

2. Open the Auth section

3. Under Sign-In methods, open the Google configuration, and add the values under the Web SDK configuration section.

Let me know if this resolves your issue.

[Pierre Degand]

Hi Alfonso, 

Thanks for taking the time on my issue.

I did what you said about white listing the OAuth client ID but I still have the same problem.

I attached some screenshots to show you my Google API Configuration, the Firebase Auth configuration and the google-services.json that I'm using in my app.

The error is exactly the same before adding the client Id to the Whitelist.

[Steffen Mayer]

Hi,

I'm having the exact same issue as Pierre.

I also followed Alfonsos steps but they didn't help. :-(

Any other ideas?

[Thomas Cowan]

Hi,

    This is a long shot as I just ran into this problem and fixed it so thought you might be doing the same thing.

Prior to this version release I was having to pass a token from Google plus to Firebase which I retrieved using the following line,

GoogleAuthUtil.getToken(context, accountName, scope);

now though Firebase takes this ID instead,

result.getSignInAccount().getIdToken()

and that gets inserted into this line(as authToken),

AuthCredential credential = GoogleAuthProvider.getCredential(authToken, null);

This might not be the problem at all for you but worth checking as I slipped up with it. My fault of course!

Thanks

[Pierre Degand]

Hi Thomas,

Thanks for taking the time to explain this but as far as I'm concerned, I am already using result.getSignInAccount().getIdToken().
I removed the old GoogleAuthUtil code that was necessary with the old Firebase auth.

[Steffen Mayer]

Hi Pierre,

do you also have 2 projects on the Google Cloud Platform after importing your old Firebase? (I now have and "firebase-xyz" and "xyz")

I had to whitelist the "Web client ID" + "Web client secret" from the old "xyz" project. (Even tough I don't use the Web SDK)

The Google Sign-In is now working working again!

Too bad this is not mentioned in the official Firebase upgrade documentation.

Please let me know if this also worked for you.

Best regards,

Steffen

[Pierre Degand]

Hi Steffen,

After I migrated my old Firebase, I had 2 projects but I decided to migrate everything to the newly created Google Cloud project. And I doubled checked everything to be sure that I missed something in the migration (Android OAuth client ID, API Key fore Server and for Android ...)

BUT ...

When Firebase migrated my old project to the new Google Cloud Project, a new Web Key was created with the Web Key of my old Google Cloud project !! And I never checked this OAuth Web key ...

I have now configured the Web SDK in the Firebase Console with the new Web Client ID and secret and everything is working fine !

So, for the futur people that might read this. Double check EVERY SINGLE OAuth key in your Cloud console AND in Firebase Console, everything must match perfectly.

I can now start to use all the great new features of Firebase !!

Thanks for all the helps.

Pierre

[Rafa Vázquez]

Hi, same problem here.

Alfonso solution didn't work for me because I'm not using a separate project for the credentials. My firebase implementation was not in production yet, so I removed the old project used for the Sign In API and added the SHA of my debug and production app to the firebase project.

I got the Google Sign In part working, but I have the same issue when authenticating into Firebase.

[Pierre Degand]

Check your web configuration in Firebase console even though you are not using the web SDK. That's what solved the problem for me.

[David Vávra]

I tried everything, I even change app package name and it didn't work. Then I filled web configuration in the console and sign in in Android app started working!

David

[Ishan Guliani]

Hey,
I was having the same problem and this is what worked for me -

I did not add any Whitelist Client Ids since it said it is optional. I only had to comment out the older GoogleAuthUtil API call to fetch the token (String type). I simply added the line
String token = mGoogleAccount.getIdToken(); in my Asynctask's doInBackground() and BINGO!

Log in was successfull.

[Jacob Platin]

Hello, what worked for me was checking ALL of my keys.  It turns out that my API keys were wrong in the googleservices.json file

[Simon Huckett]

Thanks.  It took me a few minutes to realise the WebSDK configuration is found under "Google" on the SignIn providers.  I had the same problem as you, and it had not updated from a previous Web Client ID.  All is good now, thanks!