I have also been getting the same error response for the past few days; I have been trying to fixed the problem but no breakthrough and I learnt that the response code (10) means it is a developer problem.
I hope someone can profer a solution here.

Same issue.

Hi all. Error code 10 is DEVELOPER_ERROR:
https://developers.google.com/android/reference/com/google/android/gms/common/api/CommonStatusCodes.html#DEVELOPER_ERROR

This almost certainly means you have not properly registered your SHA1 and Package Name in the Google API console:
https://developers.google.com/identity/sign-in/android/start

If you are 100% sure that you have done this correctly, make sure that your GoogleSignInOptions are correct. In particular, make sure the web client ID (if you're using it) belongs to the same project where you registered your package name and SHA1.

I am going to close this issue since that's the best advice I can provide with the limited information above.

I just cross-check my SHA1 and discovered a mistake. I have fixed it and the Google sign-in is working as expected. My initial SHA1 was gotten via the terminal while I got the present one via Android studio. Maybe @makeze and @sudarsangp can try something like that if it works.
@samtstern thanks for the tip.

@samtstern sorry for the trouble it was indeed a misconfiguration issue. @ibnahmadbello thanks for the suggestion.

I still have a question though. I am trying out SignInActivity and I don't see any usage of server_client_id in SignInActivity.java. Does Google Identity service check whether the project (in google cloud) has a valid OAuth 2.0 client ID with the same package name (as the app) in order to allow Signing In?

@sudarsangp the web server client ID is used to mint the ID token, so that it's signed for the right "audience". It's actually not required for signing in, but we recommend that after you sign in you use the ID token to authenticate to your server or to another service (like Firebase Auth) if you need to (rather than an access token, which is dangerous)

I am new to android development and had opted in for google play app signing. My debug release worked fine but when publishing to internal test release it would fail. I realized the app is being resigned upon uploading to google so I registered using signing keys from google play portal and that fixed it. Oddly enough, examining the gradle signing report would only show sha1 for debug builds and not for release builds no matter I had selected the release keystore. Thankfully for now it is not an issue using google play signing.

Google is getting more and more ugly, they're making simple things complicated. The problem is the third key,

1、the debug key

2、the release key

3、Google Play App signing key

You need THREE keys to figure out ONE Google SignIn.

Does facebook also need three keys? Maybe one day google will need 30 keys.

@mike1128 yeah, Facebook too requires 3 keys if you've signed up for Google Play App signing.
Refer to this article.

thanks @samtstern

I just cross-check my SHA1 and discovered a mistake. I have fixed it and the Google sign-in is working as expected. My initial SHA1 was gotten via the terminal while I got the present one via Android studio. Maybe @makeze and @sudarsangp can try something like that if it works.
@samtstern thanks for the tip.

It works for me, thanks ;)

hi @ibnahmadbello I had the same problem when I was using sh1 generated from the commande line. but when I used android studio I get an other key and it work.
thank you

Hello @rady-ben , what is your way to get sha1 from android studio?

优秀

This error might happen if you are not using same project at console.developers.google and console.firebase.google.com. If project is same at both console make sure you have add your SHA1 Key properly. Get SHA1 from Android studio.

Open Android Studio
Open your Project
Click on Gradle (From Right Side Panel, you will see Gradle Bar)
Click on Refresh (Click on Refresh from Gradle Bar, you will see List Gradle scripts of your Project)
Click on Your Project (Your Project Name form List (root))
Click on Tasks
Click on Android
Double Click on signingReport (You will get SHA1 and MD5 in Run Bar(Sometimes it will be in Gradle Console))
Select app module from module selection dropdown to run or debug your application 
 You also need to get google-services.json from firebase console and put into your project.

@technologyshare there is no Gradle Bar. How to turn it on?

@technologyshare: do we need to submit Oauth screen?

@technologyshare there is no Gradle Bar. How to turn it on?

Check in the right side

@technologyshare: do we need to submit Oauth scre

@technologyshare: do we need to submit Oauth screen?

if you are integrating it from web than you need to pass oauth screen, if you are doing only by phone. No Need

When i release my app to playstore in beta mode the same server_client_ID doesn't works and i get error in:

    Task<GoogleSignInAccount> task = GoogleSignIn.getSignedInAccountFromIntent(data);

ApiException: 10

I'm quite new to Android development and was struggling with the error as well. I used Android Studio terminal to get the fingerprint. First I created a debug one by calling keytool -alias androiddebugkey -keystore %USERPROFILE%\.android\debug.keystore -list -v and everything worked well. Then I tried a fingerprint from a release keystore generated like so keytool -keystore path-to-production-keystore -list -v and got the error. The problem turned out to be in using release key in a debug build. As soon as I generated a release build signed with the same keystore the problem has gone.

I have an application giving this error but it already had the key.jks and I can't reuse it?

@samtstern

the web server client ID is used to mint the ID token, so that it's signed for the right "audience". It's actually not required for signing in, but we recommend that after you sign in you use the ID token to authenticate to your server or to another service (like Firebase Auth) if you need to (rather than an access token, which is dangerous)

I needed to use the id-token, so I created a web-application oauth credential, used it and this is how I create the sign-in:

    fun prepareIntent(context: Context): Intent {
        val googleClientId = context.getString(R.string.server_client_id)
        val options =
            GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
                .requestServerAuthCode(googleClientId)
                //                .requestEmail()
                .build()
        val mSignInClient = GoogleSignIn.getClient(context, options)
        return mSignInClient.signInIntent
    }

And to get the id-token, I have this function:

    @NonNull
    @WorkerThread
    public static String setUp(final Context context, @Nullable final String serverAuthCode) throws IOException {
        final HttpTransport httpTransport = new NetHttpTransport();
        final JacksonFactory jsonFactory = JacksonFactory.getDefaultInstance();
        final String redirectUrl = "urn:ietf:wg:oauth:2.0:oob";
        final String clientId = context.getString(R.string.server_client_id);
        final String clientSecret = context.getString(R.string.client_secret);
        final GoogleTokenResponse tokenResponse = new GoogleAuthorizationCodeTokenRequest(
                httpTransport, jsonFactory,
                clientId, clientSecret,
                serverAuthCode, redirectUrl).execute();
        final String accessToken = tokenResponse.getAccessToken();
        return accessToken;
    }

So I call this to reach this function and get it (in background thread) :

GoogleSignIn.getLastSignedInAccount(this)
val serverAuthCode = result.serverAuthCode
setUp(applicationContext, serverAuthCode)

This works, but for some reason, when I run the app and choose the Google account, I also get a dialog of "confirm your choices" :

How so?
All I need is the id-token, which the server can verify it's from a real account on its side (maybe get the email out of it there).

Is it even the correct way to get the id-token? I couldn't find where I got this code from (an old code)...
I've found a different one (here), using GoogleAuthUtil.getToken(context, googleSignInAccount.account, "oauth2:profile email") , but I get a different token.

Hi I am facing this issue. flutter/flutter#33393 (comment). I have raised it. Can someone take a look.

Hi all. Error code 10 is DEVELOPER_ERROR:
https://developers.google.com/android/reference/com/google/android/gms/common/api/CommonStatusCodes.html#DEVELOPER_ERROR

This almost certainly means you have not properly registered your SHA1 and Package Name in the Google API console:
https://developers.google.com/identity/sign-in/android/start

If you are 100% sure that you have done this correctly, make sure that your GoogleSignInOptions are correct. In particular, make sure the web client ID (if you're using it) belongs to the same project where you registered your package name and SHA1.

I am going to close this issue since that's the best advice I can provide with the limited information above.

My issue, root cause is SHA1!
we must copy SHA1 at task = "signingReport" and variant = "debugAndroidTest"
like this =

I just cross-check my SHA1 and discovered a mistake. I have fixed it and the Google sign-in is working as expected. My initial SHA1 was gotten via the terminal while I got the present one via Android studio. Maybe @makeze and @sudarsangp can try something like that if it works.
@samtstern thanks for the tip.

Worked for me. Thanks brother

After release to the store I found signin not working again and it turned out that you need to create a third key with your app's fingerprint from the Play Store developer console because google re-signs published builds with a different certificate.
To sum it up you need to create four OAuth client ids in Google API console:
1 Web client id - this and only this one must be defined in your mobile app for all build types
3 Android client ids (with debug, release and publish fingerprints)

Strange, but this worked!
I literally used the client_id from oauth_2.0_client_ids for type:webApplication in my android source-code.
Earlier, I was using the client_id from oauth_2.0_client_ids for type:android in my android source-code

I had the same problem, I recomend to follow this: CodetrixStudio/CapacitorGoogleAuth#15 (comment)
so useful.

I just cross-check my SHA1 and discovered a mistake. I have fixed it and the Google sign-in is working as expected. My initial SHA1 was gotten via the terminal while I got the present one via Android studio. Maybe @makeze and @sudarsangp can try something like that if it works.
@samtstern thanks for the tip.

In my case, I tried both from terminal and Android Studio. Both are the same and not working.

After release to the store I found signin not working again and it turned out that you need to create a third key with your app's fingerprint from the Play Store developer console because google re-signs published builds with a different certificate. To sum it up you need to create four OAuth client ids in Google API console: 1 Web client id - this and only this one must be defined in your mobile app for all build types 3 Android client ids (with debug, release and publish fingerprints)

Thank you. This fixed my problem. After upload first bundle to internal test i started to get an error with google sign in. What i done to fix that problem:

1. add all of the "android" cliend ids (for all fingerprints)
2. add play signing fingerprint to firebase console
3. get new google-services.json from firebase console

First Create and add Android Fingerprint in Android Client ID

And Create A new Web Application OAuth Client ID

GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
                .requestEmail()
                .requestProfile()
                .requestIdToken(getString(WEB_APPLICATION_CLIENT_ID_FOR_OAUTH_2))
                .build();

Use Web Application OAuth Client ID 👍👍👍

This solved it for me https://www.youtube.com/watch?v=SdYp5JdMvs0

"Web Application" name confuse me, but it works

Also watch out for this Key com.google.android.gms.games.APP_ID expected String but value was a java.lang.Float. The default value <null> was returned. - yes, use @string resources like in the guide

In my case, everything worked with Client ID from https://console.cloud.google.com. But after adding requestServerAuthCode I started getting errorCode 10 and it turned out that I needed to use oauth_client from fireabse google-services.json which was a different string...

I just came across this thread, as I see the same error in our app.

When I add the SHA1 from our release keystore to the Google Cloud Console, the signin process os working when running a release build on device or emulator. When running a debug build on emulator, I see this error code 10.

The other way around, when adding the SHA1 from the debug keystore, the sign in process stops working when running a release build.

So my question is: how can I make sure that I am able to test the login stuff in a debug build AND people using the live app (when it is released on play store) can use the sign in stuff at the same time? As I can only add one SHA1 to the Google Cloud Console.

Btw, I am not using Firebase. Thank you in advance!

When I tried to use the New Google Sign-In API (https://developers.google.com/identity/sign-in/android/sign-in-identity), I found that on system versions lower than Android 10, always Error: com.google.android.gms.common.api.ApiException: 10: Caller not whitelisted to call this API., but there is no such error on Android 10 and Android 11 and above phones. I'm currently using Google Sign-In for Android (legacy) (https://developers.google.com/identity/sign-in/android/sign-in) I've also never encountered such an error, I don't understand Why? My SHA1 is configured correctly

I was getting this error and I had checked the SHA's and Web Client stuff were all set up correctly. I must have checked this 20 times. Everything matched in firebase, google developer console, and google-services.json, but yet google sign in was not working.

I finally figured it out and wanted to post this for others (and probably my future self when I run across this again).

My issue was I have 2 firebase projects. One for stage, and one for prod. Stage worked fine but prod did not. Yes, I confirmed I had all the right SHA's set up and everything (sort of). I realized that the SHA I added to firebase was for my production keystore release version, but I was running the app locally in debug mode with my stage keystore file. I quick google on how to run it in release mode locally gave me this command:

react-native run-android --mode release

Everything is working now.

hii all if you are facing the issue using google login with code 10,then follow the steps below you may find your solution
1.check your project connect to the firebase account
2.if you are connected with firebase account then just add to sha-1 and sha-256 in your firebase account.
3.download the google.json file and put in your app folder in project root folder

hope your problem might be solve
happy coding!

i have a problem with google login ONLY in Production/Android.

i use EXPO
i use it WITHOUT FIREBASE.
i receive in production/android "DEVELOPER_ERROR" error.

Into documentation i see that is always as misconfigured, but the only configuration we have is a fingerprint to add in Google Api Console.

i can't understand which fingerprint add for production.

FINGERPRINT on my google play console

FINGERPRINT found in android studio with command gradle signinreport

FINGERPRINT found with eas credentials

i try every fingerprint with the same result.

thanks in advanced

A help to workaround this problem

For whom use the AppCenter to distribute the APK. The AppCenter by somehow overrides the release keystore from project, they use their own keystore. You can get this SHA1 from their keystore by downloading the apk and run keytool -printcert -jarfile 'path_to_apk'. You'd get the SHA1, then add the new Android Oauth Client ID with this SHA1. Then try again, this fixed my issue. Hope it helps!

i have a problem with google login ONLY in Production/Android.

i use EXPO i use it WITHOUT FIREBASE. i receive in production/android "DEVELOPER_ERROR" error.

Into documentation i see that is always as misconfigured, but the only configuration we have is a fingerprint to add in Google Api Console.

i can't understand which fingerprint add for production.

FINGERPRINT on my google play console

FINGERPRINT found in android studio with command gradle signinreport

FINGERPRINT found with eas credentials i try every fingerprint with the same result.

thanks in advanced

A help to workaround this problem

hey, u decided it ?

This is still a hot issue samtstern. Closing this makes no sense