Getting "16: Cannot find a matching credential" when doing One Tap sign-in and sign-up on Android

Question

I have been following the guide for setting up One Tap sign-in and sign-up on Android, and have used the example code to set up the One Tap client, but every time I call oneTapClient.beginSignIn(signInRequest) I get a callback to OnFailureListener's onFailure():

com.google.android.gms.common.api.ApiException: 16: Cannot find a matching credential.
    at com.google.android.gms.common.api.internal.TaskUtil.setResultOrApiException(com.google.android.gms:play-services-base@@17.2.1:6)
    at com.google.android.gms.internal.auth-api.zzaj.zzc(com.google.android.gms:play-services-auth@@18.0.0:2)
    at com.google.android.gms.internal.auth-api.zzaa.dispatchTransaction(com.google.android.gms:play-services-auth@@18.0.0:6)
    at com.google.android.gms.internal.auth-api.zzc.onTransact(com.google.android.gms:play-services-auth@@18.0.0:13)
    at android.os.Binder.execTransactInternal(Binder.java:1021)
    at android.os.Binder.execTransact(Binder.java:994)

What does this mean? Why am I getting this? I'm sure I must have missed something somewhere in the setup.

Answer 1

There are actually several different cases where you would give this same error message

Case #1

I was sure I had uploaded the SHA-1 signature of my debug certificate, but that was not case.

The documentation states this:

On the Credentials page, create an Android client ID for your app if you don't already have one. You will need to specify your app's package name and SHA-1 signature.

In practice you need to go to the mentioned page and create an OAuth Client ID and get the SHA-1 with the good old keytool -list -v -keystore ~/.android/debug.keystore -alias androiddebugkey -storepass android -keypass android.

Case #2

For some reason the same error code and error message will also be used if you specify setFilterByAuthorizedAccounts(true) and you as a user don't have any Google accounts that are already authorized to sign in to your application.

As specified in the documentation linked in the question you could first use setFilterByAuthorizedAccounts(true) to help the user pick the same account as the last time and then setFilterByAuthorizedAccounts(false) to make it possible to create a new user for the app.

Case #3

The user is not logged in with any Google accounts on the device.

Answer 2

Roy's answer is pretty comprehensive. A few further details/pointers to get around this error message:

• Ensure the SHA-1 signature registered on the Google console is from the correct build. For your debug build you can retrieve the SHA-1 signature in Android Studio by clicking Gradle in the top right, then 'YourApp' -> Tasks -> android and run the Signing Report.

• Emulator Testing. (This is where I personally fell over) You're probably not signed in on the Android emulator with a Google account. Sign in there, or switch to a physical device, for testing the One Tap sign-in.