Very quick post on a problem I’ve seen a few people hit where they are upgrading a Firebase.com project which uses Google Sign In on Android.
Just Tell Me What To Do Already
- Upgrade your Firebase.com project
- Connect your Android app, but do not enter a SHA1
- Go to the old Google Developers/Google Cloud project you were using and copy each client ID used for an Android app (e.g. the debug and release versions at least).
- In the Auth > Sign In Method > Google panel, enter the client IDs you copied before.
This ensures your existing app keeps working, and sets you up for transitioning to the new SDK.
Why Am I Doing This?
There are a couple of things to know:
- The specific combination of Android package name and SHA1 is unique across Google. It can only exist in a single Google project, and is associated with a single client ID.
- An upgraded Firebase project is a Google project underneath.
This means if you go through the upgrade flow, attempt to connect your Android app and enter a SHA1 used by an existing project, you will get an error. The tempting thing to do is to delete the client ID in the old project, and add the SHA1 in the new project
The problem with this is that if you have already have an app published using Google Sign In and Firebase 2.x, the sign ins suddenly will be coming from a different Google project, and so will start failing with an “Invalid authentication token” error.
If you’ve done that - no problem, just remove the SHA1 from the new Firebase console (you can’t remove the last one, but just edit it to something different), re-add them on your old Google project, and whitelist the client IDs as above.