26

I have been following the guide for setting up One Tap sign-in and sign-up on Android, and have used the example code to set up the One Tap client, but every time I call oneTapClient.beginSignIn(signInRequest) I get a callback to OnFailureListener's onFailure():

com.google.android.gms.common.api.ApiException: 16: Cannot find a matching credential.
    at com.google.android.gms.common.api.internal.TaskUtil.setResultOrApiException(com.google.android.gms:play-services-base@@17.2.1:6)
    at com.google.android.gms.internal.auth-api.zzaj.zzc(com.google.android.gms:play-services-auth@@18.0.0:2)
    at com.google.android.gms.internal.auth-api.zzaa.dispatchTransaction(com.google.android.gms:play-services-auth@@18.0.0:6)
    at com.google.android.gms.internal.auth-api.zzc.onTransact(com.google.android.gms:play-services-auth@@18.0.0:13)
    at android.os.Binder.execTransactInternal(Binder.java:1021)
    at android.os.Binder.execTransact(Binder.java:994)

What does this mean? Why am I getting this? I'm sure I must have missed something somewhere in the setup.

Roy Solberg
  • 18,133
  • 12
  • 49
  • 76

9 Answers9

56

There are actually several different cases where you would give this same error message

Case #1

I was sure I had uploaded the SHA-1 signature of my debug certificate, but that was not case.

The documentation states this:

On the Credentials page, create an Android client ID for your app if you don't already have one. You will need to specify your app's package name and SHA-1 signature.

In practice you need to go to the mentioned page and create an OAuth Client ID and get the SHA-1 with the good old keytool -list -v -keystore ~/.android/debug.keystore -alias androiddebugkey -storepass android -keypass android.

Case #2

For some reason the same error code and error message will also be used if you specify setFilterByAuthorizedAccounts(true) and you as a user don't have any Google accounts that are already authorized to sign in to your application.

As specified in the documentation linked in the question you could first use setFilterByAuthorizedAccounts(true) to help the user pick the same account as the last time and then setFilterByAuthorizedAccounts(false) to make it possible to create a new user for the app.

Case #3

The user is not logged in with any Google accounts on the device.

Roy Solberg
  • 18,133
  • 12
  • 49
  • 76
  • 12
    `setFilterByAuthorizedAccounts(false)` work for me. many thanks! – fahrizal89 Aug 18 '21 at 17:19
  • For "Case #1" you can also upload your app to Google Play for internal testing and use your development SHA that you get from Google Play Console. – Guney Ozsan Nov 24 '21 at 15:09
  • My case was #1. I was sure, too that I create OAuth client for my Android app. But I didn't it for my app for debug. Thanks! – John Hwang Dec 03 '21 at 04:03
  • @GuneyOzsan there are two keys "App signing key certificate" and "Upload key certificate" which one should I use in the google oauth2 developer console? – Mahmood Hussain May 30 '22 at 16:50
  • If you've done everything mentioned in the solution and it still happens, you may need to wait at least 15 minutes. The Google Play Services places limits on how often you can call the authentication API. Deleting the Google Play Service cache doesn't always help. I had to wait hours before the error went away. – Johann Jun 02 '22 at 07:02
  • I did the Scenario #1 you've described, but, what about the oauth id? where do i put that text? how to protect / secure it ? – Marlon López Aug 22 '22 at 01:15
  • Man! You are the best! setFilterByAuthorizedAccounts(true) was the case – Evgenii Vorobei Dec 01 '22 at 06:11
3

Roy's answer is pretty comprehensive. A few further details/pointers to get around this error message:

  • Ensure the SHA-1 signature registered on the Google console is from the correct build. For your debug build you can retrieve the SHA-1 signature in Android Studio by clicking Gradle in the top right, then 'YourApp' -> Tasks -> android and run the Signing Report.

  • Emulator Testing. (This is where I personally fell over) You're probably not signed in on the Android emulator with a Google account. Sign in there, or switch to a physical device, for testing the One Tap sign-in.

Patrick
  • 855
  • 8
  • 12
  • After more than 12hours with the problem your solution is what worked form me. My worry is that the recommended approach using the keytool produces another signature. Does it mean that I need to have a different SHA-1 signature for the testing and another one for production? – Joe Okatch Oct 21 '21 at 10:32
  • 4
    I don't see `'YourApp' -> Tasks -> android` – zaitsman Jan 20 '22 at 00:02
  • @zaitsman In th new android studio its hidden by default. you have to enable it – Rahul Hawge Dec 15 '22 at 02:45
  • @RahulHawge very helpful comment. HOW do I enable it? – zaitsman Dec 18 '22 at 23:19
  • @zaitsman follow this answer https://stackoverflow.com/questions/67405791/gradle-tasks-are-not-showing-in-the-gradle-tool-window-in-android-studio-4-2 – Rahul Hawge Dec 20 '22 at 13:42
1

In my case:

  • I deleted the autogenerated web client Id (the one generated by Firebase) on the Google API Console.
  • Once deleted, I created a new web application and put the new client id in the firebase console
  • I updated google-services.json in my Android project by downloading it from scratch

After these 3 steps I finally can see the Sign-up with Google bottom sheet dialog

Nicola Gallazzi
  • 7,897
  • 6
  • 45
  • 64
1

In my case, I needed to set applicationId instead of a package name in the Package name field for Android Oauth ClientId in Google Cloud Platform Console, because in my app applicationId was different from the package name.

Martin Schaaf
  • 11
  • 1
  • 1
1

The solution in my case was redownloading the services.gson file from firebase after enabling Google Sign-in because

It contained the OAuth client information required for Google sign-in.

Another note setFilterByAuthorizedAccounts(true) only gave me 1 account and setFilterByAuthorizedAccounts(false) showed me all Gmail accounts on the device.

Rohaitas Tanoli
  • 624
  • 4
  • 16
0

It may be obvious but do also ensure that Package name in OAuth Client ID matches your build.

I had forgotten I had applicationIdSuffix in my build and I was using the wrong package name until I checked BuildConfig.APPLICATION_ID for my build's package name.

Keith
  • 11
  • 1
  • 2
0

On my emulator the problem was I was not signed in within Google Play app. Once I made the login on Google Play error 16 disappeared :)

Nicola Gallazzi
  • 7,897
  • 6
  • 45
  • 64
0

One quick fix that worked for me on the emulator was doinga cold boot. When the emulator goes into sleep for a long time it mess its clock and it will not validate certificates

Arnaud JEZEQUEL
  • 61
  • 5
0
  1. Visit https://console.firebase.google.com/project/yourproject/authentication
  2. Click "Sign-in method"
  3. Enable "Google Sign-In"

This resolved the issue for me.

Andrew
  • 2,438
  • 1
  • 22
  • 35