Upload Key certificate VS App signing Key certificate

[eylonshm]

Just a question, please close it as soon as someone replies.

Seems like the GoogleLogin doesn't work for some Android devices which using my production application and produce the well known "Developer Error", it does work for most of the devices tho!
I'm using GoogleCloudConsole (not Firebase), and in my Android clientID, I'm using the SHA-1 certificate from the "Upload Key certificate" section, but as it seems, I need to actually use the one from "App signing Key certificate".

So my questions:

1. Which SHA-1 do I really need to use? the one from "Upload Key certificate" or "App signing Key certificate"?
2. How could it be - that it's failing just for some of the Android devices, and work for the others (all are using the same app version from GooglePlay)? if something wrong with the keys, shouldn't it fail for everyone? shouldn't everyone just get a "Developer Error"?

Important Note:
I'm using Expo - when I run eas credentials and select the "Android Production" profile, I see the SHA-1 exists in the "App signing Key certificate" section.

Last thing: I see it's mentioned in the docs (see the image below), but at least in my case - the SHA-1 is differ from "Upload Key certificate" to "App signing Key certificate".
If it shouldn't be the same - maybe worth updating the docs, so it'd be clear which of the SHA-1 certificates is needed in the GoogleCloudConsole.

[vonovak]

Hello!
As the docs in your screenshot say:

"Under the"App signing key certificate" and also "Upload key certificate" take note of SHA-1".

That means you usually need to use BOTH SHAs. Does that answer your first question?

For your second question: Google play store may use more than one signing config I believe. In https://react-native-google-signin.github.io/docs/troubleshooting#developer_error - see "See how your app was signed".

Does this help?
Thank you

[eylonshm]

Thanks @vonovak!

Absolutely helps.
However, when I validate the SHA-1 of the app, seems like I'm using the exact same SHA-1 for the GooglePlayConsole Android clientID, and still - people can't login with google too often.

Do you know something about that? or usually when it works - it works for everyone.

[eylonshm]

Also, maybe that'd help, that's what I'm seeing in GooglePlayConsole, not sure what's the 10/100 users thing, cuz seems like my app's in production and open to external testers as shown in the image (I'm not asking for any sensitive scopes of course).

[JCcastagne]

Bumping this. I believe that I'm encountering the same issue in (expo) production builds.

[juliussneezer04]

Bump, still facing this issue, Upload key and App Signing Key SHA:1's are different so I have 2 OAuth Clients in GCP, but locally some users can't sign in

[aniruddhashevle]

Bumping this. Facing the similar issues when we deploy the bundle on Google play console for internal testing. We've already added both the SHA-1 fingerprints (Upload Key certificate and App signing Key certificate) in Firebase project. And used the latest google-services.json file. It's failing. We don't have any issues though when we generate the bundle locally, it works fine.

[aniruddhashevle]

Finally, we got this working. Both SHA-1 fingerprints need to be added in Firebase Console and Google Cloud Console. Also, we need to create 2 separate OAuth Android client IDs in the Google Cloud Console: one for the Upload Key Certificate and the other for the App Signing Key Certificate.

[juliussneezer04]

Finally, we got this working. Both SHA-1 fingerprints need to be added in Firebase Console and Google Cloud Console. Also, we need to create 2 separate OAuth Android client IDs in the Google Cloud Console: one for the Upload Key Certificate and the other for the App Signing Key Certificate.

This didn't work for me :/ I'm guessing because I don't use firebase?

[aniruddhashevle]

Finally, we got this working. Both SHA-1 fingerprints need to be added in Firebase Console and Google Cloud Console. Also, we need to create 2 separate OAuth Android client IDs in the Google Cloud Console: one for the Upload Key Certificate and the other for the App Signing Key Certificate.

This didn't work for me :/ I'm guessing because I don't use firebase?

@juliussneezer04 I don't think its because you don't use firebase. You're facing issues locally some users can't sign in is it. For locally, I guess you need to add Test users in the Audience menu in GCP for your project. You can try open project in GCP > All products > Google Auth Platform > Audience menu > Test users > Add Users. Try to add those users which can't sign in. This should work for you locally.

[juliussneezer04]

that's a great suggestion but our status is 'In production', so we don't need any testing users. Weirdly still doesn't work. Used a workaround in my case, appreciate the help!

[fbotalla]

Finally, we got this working. Both SHA-1 fingerprints need to be added in Firebase Console and Google Cloud Console. Also, we need to create 2 separate OAuth Android client IDs in the Google Cloud Console: one for the Upload Key Certificate and the other for the App Signing Key Certificate.

Sorry the questions, when you say add in Google Cloud Console , isn't that the same as the OAuth Android client IDs, which are auto-generated by Firebase after you add the SHA-1 to the Firebase project? Am I missing something? Thank you!

[aniruddhashevle]

Finally, we got this working. Both SHA-1 fingerprints need to be added in Firebase Console and Google Cloud Console. Also, we need to create 2 separate OAuth Android client IDs in the Google Cloud Console: one for the Upload Key Certificate and the other for the App Signing Key Certificate.

Sorry the questions, when you say add in Google Cloud Console , isn't that the same as the OAuth Android client IDs, which are auto-generated by Firebase after you add the SHA-1 to the Firebase project? Am I missing something? Thank you!

@fbotalla : We do have Android key (auto created by Firebase) in the API Keys. Initially, I was under the impression that it should work by default. However, despite this, it was still not functioning as expected. As a result, I had to create two separate OAuth 2.0 Client IDs for Android. Additionally, we are required to add the SHA-1 certificate fingerprints from both the Upload Key Certificate and the App Signing Key Certificate respectively.

[Deepak-Chulliparambil]

Thanks @aniruddhashevle

The solution, it works!!

[therealalankoshy]

Thanks @aniruddhashevle
It worked for me as well !!!