SHA-1 problem with Firebase and Google-Auth and Phone-Auth

1
votes

I'm currently making an app where you can also login via your Google account or mobile phone number with Firebase. With the keytool I have already read my SHA-1 and stored it in the project settings of Firebase (I also read the SHA-1 value via Gradle in Android-Studio, of course, it's the same value as in Keytool.). When I test the app while debugging, everything works fine. As soon as I make a release of the APK (signed APK V1 & V2) and install this APK, logging in via Google or mobile phone number is not possible. Error:

This app is not authorized to use Firebase Authentication. Please verify the correct package name and SHA-1 are configured in the Firebase Console. [App validation failed]

In the Firebase console, the correct SHA-1 is specified. Or does the APK have a different SHA-1 value after the release? And why does everything work while debugging, not after release?

It would be really nice if someone could help me.

5
androidfirebasefirebase-authentication

5 Answers

1
votes

In case if still anyone needs it here's a detailed explaination...

While debugging, you create a debug sha1 key which will let you work proper in debugging mode, but when you create a signed apk, for that you need to generate a sha1 for release builds.

For that, keytool -list -v -keystore (now here you need to provide the relative path for your key.keystore[which you generated while generating signed apk]) -alias (now the alias name is present in gradle.properties and default is my-key-alias)

Also, this works for them too whose app gets a otp after creating a signed apk on a particular device but not on different device.

Hope this helps.

2
votes

In order to prevent abuse the firebase phone authentication wont work in emulator.

But if you want it for testing purpose then you should add use some testing phone number in firebase console that will work in emulator.

Go to your firebase console -> Authentication -> SIGN-IN Method -> Phone and check the "Phone numbers for testing (optional)" field.

enter image description here

Make sure the phone number you are adding is not logged/registered before. If the number is already present in authentication then you cannot add that as test account.

If you aren't using an emulator, then follow this:

Tools>Firebase>Authentication>Connect>Sync

This usually happens when you update android studio.

2
votes

Finally I found a solution!!! The release apk has a different SHA-1 and SHA-256 value than the debug apk. After creating a release apk with both signatures you have to manually query the SHA-1 value of the release with the keytool. This can then be entered in the Firebase console.

2
votes

After spending the whole Day figuring out what was the issue. I’ve found the culprit! It was in the App Signing for Google Play that we have opted-in.We need to register the SHA-1 from the App Signing itself. It can be found in the inside Google Play Console under Release Management > App Signing. It will have two types of certificate:

1.Upload certificate: this is the information of the certificate from the keystore that uploaded. This is needed to be the same with the keystore for app signing locally as the Google Play will verify the uploaded app to match with this signed certificate.

2.App Signing certificate: after uploaded the app, Google will replace the upload certificate with this certificate. This is a new certificate that will be used for published app in Play Store.

With those information, I just realize that we hadn’t registered the SHA-1 for the App Signing certificate which being used by published app. So, I added the SHA-1 (also the SHA-256, just in case needed) fingerprints in the Firebase > Project Setting for the app (Don’t forget to update the latest config file after added the fingerprints).

So After adding your your SHA Fingerprints your Firebase SHA certificate fingerprints will look like this: enter image description here

Now Save Changes then Go back to your App and test it again it will work now!.

0
votes

You can run this in terminal :

./gradlew signingReport

and then you get the sha1 and the sha256