Skip to content

Google Login on Android

GitHub

In this guide, you will learn how to setup Google Login with Capgo Social Login for Android. I assume that you have already read the general setup guide.

In this part, you will learn how to setup Google login in Android.

  1. Create an Android client ID.

    1. Click on the search bar

      Google Console search bar
    2. Search for credentials and click on the APIs and Services one (number 2 on the screenshot)

      Search results showing credentials option with APIs and Services highlighted
    3. Click on the create credentials

      Create credentials button in Google Console
    4. Select OAuth client ID

      OAuth client ID option in credentials creation menu
    5. Select the Android application type

      Application type selection with Android option highlighted
    6. Open Android Studio

    7. At the very bottom of the navigator, find the Gradle Scripts

      Gradle Scripts section in Android Studio project navigator
    8. Find build.gradle for the module app

      build.gradle (Module: app) file in Gradle Scripts section
    9. Copy the android.defaultConfig.applicationId. This will be your package name in the Google console

      Build.gradle file showing applicationId configuration
    10. Now, open the terminal. Make sure that you are in the android folder of your app and run ./gradlew signInReport

    Terminal showing gradlew signInReport command
    1. Scroll to the top of this command. You should see the following. Copy the SHA1.
    Terminal output showing SHA1 certificate fingerprint
    1. Now, go back to the Google Console. Enter your applicationId as the Package Name and your SHA1 in the certificate field and click create
    Android client creation form with package name and SHA1 fields filled in
  2. Create a web client (this is required for Android)

    1. Go to the Create credentials page in Google Console

    2. Set application type to Web

      Application type selection with Web option highlighted
    3. Click Create

      Web client creation form with Create button at bottom
    4. Copy the client ID, you’ll use this as the webClientId in your JS/TS code

      Client ID details showing Web client ID to copy
  3. Modify your MainActivity

    1. Please open your app in Android Studio. You can run cap open android

    2. Find MainActivity.java

      1. Open the app folder

        App folder in Android Studio project navigator
      2. Find java

        Java folder in Android Studio project structure
      3. Find your MainActivity.java and click on it

        MainActivity.java file in package structure
    3. Modify MainActivity.java. Please add the following code

      import ee.forgr.capacitor.social.login.GoogleProvider;
      import ee.forgr.capacitor.social.login.SocialLoginPlugin;
      import ee.forgr.capacitor.social.login.ModifiedMainActivityForSocialLoginPlugin;
      import com.getcapacitor.PluginHandle;
      import com.getcapacitor.Plugin;
      import android.content.Intent;
      import android.util.Log;
      import com.getcapacitor.BridgeActivity;
      // ModifiedMainActivityForSocialLoginPlugin is VERY VERY important !!!!!!
      public class MainActivity extends BridgeActivity implements ModifiedMainActivityForSocialLoginPlugin {
      @Override
      public void onActivityResult(int requestCode, int resultCode, Intent data) {
      super.onActivityResult(requestCode, resultCode, data);
      if (requestCode >= GoogleProvider.REQUEST_AUTHORIZE_GOOGLE_MIN && requestCode < GoogleProvider.REQUEST_AUTHORIZE_GOOGLE_MAX) {
      PluginHandle pluginHandle = getBridge().getPlugin("SocialLogin");
      if (pluginHandle == null) {
      Log.i("Google Activity Result", "SocialLogin login handle is null");
      return;
      }
      Plugin plugin = pluginHandle.getInstance();
      if (!(plugin instanceof SocialLoginPlugin)) {
      Log.i("Google Activity Result", "SocialLogin plugin instance is not SocialLoginPlugin");
      return;
      }
      ((SocialLoginPlugin) plugin).handleGoogleLoginIntent(requestCode, data);
      }
      }
      // This function will never be called, leave it empty
      @Override
      public void IHaveModifiedTheMainActivityForTheUseWithSocialLoginPlugin() {}
      }
    4. Save the file

  4. Use Google Login in your application

    1. First, import SocialLogin

      import { SocialLogin } from '@capgo/capacitor-social-login';
    2. Call initialize. This should be called only once.

      // onMounted is Vue specific
      // webClientId is the client ID you got in the web client creation step not the android client ID.
      onMounted(() => {
      SocialLogin.initialize({
      google: {
      webClientId: '673324426943-avl4v9ubdas7a0u7igf7in03pdj1dkmg.apps.googleusercontent.com',
      }
      })
      })
    3. Call SocialLogin.login. Create a button and run the following code on click.

      const res = await SocialLogin.login({
      provider: 'google',
      options: {}
      })
      // handle the response
      console.log(JSON.stringify(res))
  5. Configure the emulator for testing

    1. Go into Device manager and click the plus button

      Device Manager in Android Studio with plus button highlighted
    2. Create a virtual device

      Create Virtual Device button in Virtual Device Configuration
    3. Select any device with a Play Store icon

      Hardware selection showing devices with Play Store support

      As you can see, the pixel 8 supports the Play Store services

    4. Click next

      Next button in device creation wizard
    5. Make sure that the OS image is of type Google Play. IT MUST be of type Google Play

      System image selection showing Google Play type images
    6. Click next

      Next button in system image selection screen
    7. Confirm your device. You can name your emulator as you prefer

      Device configuration verification screen with Finish button
    8. Go into Device Manager and boot up your simulator

      Device Manager with virtual device listed and play button
    9. After the simulator boots up, go into its settings

      Android emulator showing settings app
    10. Go into Google Play

    Settings screen with Google Play option
    1. Click Update and wait about 60 seconds
    Google Play update screen with Update button
  6. Test your application

    If you did everything correctly, you should see the Google login flow working properly:

    Demo of Google login flow on Android showing sign-in process and successful authentication

If you have any issues, first compare your app configuration with the Google Cloud Console values. Android Google Sign-In failures are usually caused by a package name, SHA-1, or client ID mismatch.

On Android this plugin uses Google Credential Manager (androidx.credentials and Sign in with Google), not the legacy GoogleSignInClient API. Logcat errors such as GetCredentialCustomException: [28444] Developer console is not set up correctly come from that stack.

Filter Logcat with GoogleProvider or CapgoSocialLogin after a failed login. The plugin logs your package name, signing SHA-1, and a masked webClientId so you can compare them against Google Cloud Console.

You need two kinds of OAuth 2.0 client IDs in the same Google Cloud project:

Client typeUsed forWhere it goes
Web applicationServer / ID token audiencewebClientId in SocialLogin.initialize()
Android, one per signing keyProves your APK is allowed to call GoogleGoogle Cloud Console only. Do not pass this ID to webClientId

A common mistake is using the Android client ID as webClientId. Credential Manager requires the Web client ID there. The Android client only needs the correct package name and SHA-1 registered in the console.

Create one Android OAuth client for each certificate that signs builds you test:

  • Debug: from ./gradlew signingReport for the debug variant.
  • Release: from the APK or AAB you actually install.
  • Play App Signing: from Play Console > App integrity > App signing key certificate. This is required for Play Store builds even if your upload key SHA-1 is already registered.

The applicationId in android/app/build.gradle must exactly match the Android OAuth client package name, including any .debug suffix.

If the OAuth consent screen is in Testing mode, add every Google account you test with under Audience > Test users. Publishing the app to Production is not required for email and profile scopes. Digital Asset Links (assetlinks.json) are not required for Sign in with Google through Credential Manager.

Google Cloud changes can take up to a few hours to propagate.

Error 28444: Developer console is not set up correctly

Section titled “Error 28444: Developer console is not set up correctly”

This almost always means Google rejected the combination of installed APK signing certificate, package name, and webClientId. Work through this checklist:

  1. Confirm webClientId is the Web application client ID and ends with .apps.googleusercontent.com.
  2. Run the app, reproduce the failure, and read Logcat for GoogleProvider, signingSha1=, and package=.
  3. In Google Cloud Console > Credentials, open your Android OAuth client and verify the exact package name and SHA-1.
  4. If testing a release build, register the SHA-1 from that build, not only the debug keystore.
  5. If the app is distributed through Play Store, also register the Play App Signing SHA-1.
  6. Ensure Web and Android clients live in the same Google Cloud project.
  7. If the consent screen is in Testing, confirm the Google account is a test user.
  8. Wait and retry after console changes.

USER_CANCELLED after picking an account on a misconfigured debug build can still be a SHA-1 or client ID mismatch. Fix the console setup above first.

Debug or local builds:

Terminal window
cd android && ./gradlew signingReport

Signed release APK:

Terminal window
keytool -printcert -jarfile android/app/release/app-release.apk

Add that SHA-1 to an Android OAuth client with the matching package name, reinstall the same signed APK, and test again:

Terminal window
adb install android/app/release/app-release.apk

Tokens are nested under result:

const login = await SocialLogin.login({ provider: 'google' });
const idToken = login.result?.idToken;

For Firebase Auth, create credentials with that idToken and use the Web client ID as webClientId in initialize.

If you cannot get the development SHA-1 certificate, try a custom keystore. This issue comment explains how to add a keystore to your project.

If you are using Google Login on Android to plan authentication and account flows, connect it with Using @capgo/capacitor-social-login for the native capability in Using @capgo/capacitor-social-login, @capgo/capacitor-social-login for the implementation detail in @capgo/capacitor-social-login, @capgo/capacitor-passkey for the implementation detail in @capgo/capacitor-passkey, @capgo/capacitor-native-biometric for the implementation detail in @capgo/capacitor-native-biometric, and Two-factor authentication for the implementation detail in Two-factor authentication.