Sign in with Google is not working on Android (only on iOS) - Flutter

0
votes

It seems that the Sign in with Google plugin is working on iOS but not on Android. I'm currently using the latest version (google_sign_in 5.0.2). I have already utilized any possible configurations on Firebase console by filling up the SHA fingerprints and the its credentials. I have also placed the google-services.json and GoogleService-Info.plist files on the Flutter project.

To check the validity of the token, I used this (https://www.googleapis.com/oauth2/v1/tokeninfo?id_token=) and one thing I have noticed is that whenever a token is generated from an Android device, it would show different values on issued_to and audience. I checked on the Firebase project's credentials and the OAuth client id being used on the audience is from a Web Application and not from an Android device (I'm only developing for iOS and Android devices). Both tokens generated from iOS and Android were verified tokens from JWT.

With that, whenever this token is being validated by the backend, with this guide (https://github.com/google/google-id-token), it would return a token client-id mismatch.

I'm not really sure what's the cause since I have already recreated the Firebase project like three times and I would still get the same error. Any cause?

Additional information:

Verified: https://www.googleapis.com/oauth2/v1/tokeninfo?id_token=

iOS:

{
  "issued_to": "60204403274-jvgooi7...",
  "audience": "60204403274-jvgooi7...",
  "user_id": "1003...",
  "expires_in": 3583,
  "email": "dean...",
  "email_verified": true,
  "issuer": "https://accounts.google.com",
  "issued_at": 1619....,
  "nonce": "IF4Y3..."
}

Android:

{
  "issued_to": "60204403274-uqoa6ss...",
  "audience": "60204403274-7uh25jv2...",
  "user_id": "10036...",
  "expires_in": 1592,
  "email": "dean...",
  "email_verified": true,
  "issuer": "https://accounts.google.com",
  "issued_at": 1619...
}

Error returned:

{status: Cannot validate: Token client-id mismatch}

Firebase console: https://i.stack.imgur.com/THYx5.png

2
androidfirebaseflutterfirebase-authenticationgoogle-signin
can you update your question with error log? - Amod Gokhale
@AmodGokhale, I have already updated my question. Thank you. - Dean
nonce is missing for android - Himanshi Thakur
@HimanshiThakur, How do I add the nonce though if that's the issue? - Dean

2 Answers

0
votes

can you check if in manifest you have:

<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />

Check this page

0
votes

As per your logs nonce is missing for android. so add nonce and test again.

  /*  Create a nonce for this request.
   Here we append the string to a number of random bytes to ensure it larger
    than the minimum 16 bytes required.
    Read out this value and verify it against the original request to ensure the
    response is correct and genuine.
    NOTE: A nonce must only be used once and a different nonce should be used for each request.
    As a more secure option, you can obtain a nonce from your own server using a secure
    connection. Here in this sample, we generate a String and append random bytes, which is not
    very secure. */

Follow the tips on the Security Tips page for more information: / https://developer.android.com/training/articles/security-tips.html#Crypto

 // TODO(developer): Change the nonce generation to include your own, used once value,
        // ideally from your remote server.

        String nonceData = "Sample: " + System.currentTimeMillis();
        ByteArrayOutputStream byteStream = new ByteArrayOutputStream();
        Random mRandom = new SecureRandom();

        byte[] bytes = new byte[24];
        mRandom.nextBytes(bytes);
        try {
            byteStream.write(bytes);
            byteStream.write(nonceData.getBytes());
        } catch (IOException e) {
            e.printStackTrace();
        }

        byte[] nonce = byteStream.toByteArray();