An OAuth2 client already exists for this package name and SHA-1 in another project

Why am I seeing this?

This error occurs if we detect that another Firebase or Google Cloud project contains an OAuth 2.0 client ID with the package name and SHA-1 that you specified. When you add Firebase to an Android application in the Firebase console, we try to generate a Google OAuth 2.0 Client ID for your app, which is used to authenticate your app with some Google APIs, such as App Invites or the Drive API. For security reasons, every pairing of a package name and SHA-1 fingerprint used to create a OAuth 2.0 client ID must be unique across all Firebase and Google Cloud projects.

What impact can this have on my application?

There are currently two Firebase features that require configuring the package name and SHA-1 of your Android apps:

  • Invites: Does not function if a SHA-1 is not provided. There is currently no way to use a SHA-1 from another project.
  • Authentication: To use Google as an auth provider, you must manually whitelist the client ID from your existing project in the Sign-In configuration.

What can I do?

If you're not using Firebase Invites or Google as your Firebase Auth sign in provider, you don't need to do anything. If you are using one of these features, see which of the following scenarios best describes your situation:

I know which Google Cloud project contains the conflicting OAuth 2.0 client ID and I don't mind deleting my Firebase project or I have to use Invites.
This approach is not recommended if your Firebase app is already in production or if you have Analytics or Crash data you wish to preserve.

If you just created this project or aren't very far into adding Firebase to your app, the simplest approach is to delete your project and instead import your existing Google project. To do this:

  1. Delete your Firebase project. This action is permanent and will delete all data associated with your project.
  2. Go to the Firebase console.
  3. Click Import Google project.
  4. Select the existing project containing the OAuth 2.0 client ID and click Add Firebase.
I don't want to import my existing project and I'm not using Invites.

If you're unable to import your existing project and you don't plan to use Invites, you can manually whitelist your existing OAuth 2.0 client ID to use Google as a sign in provider.

First, find your existing project's OAuth 2.0 client ID. To do this:

  1. Go to the Credentials page of the Google Cloud console. If the project containing the OAuth 2.0 client ID doesn't open automatically, select it from the drop down menu in the upper right corner of the page.
  2. Under the OAuth 2.0 client IDs section, locate the client name containing the SHA-1 and package name you used for your Firebase project. If you're unsure which one is correct, click the name of the client to see the details.
  3. When you have located the correct client name, copy the full value in the Client ID column.

Next, whitelist this client ID for Google as a sign in provider. To do this:

  1. Go to the Firebase console and select your project.
  2. Select Auth from the menu on the left.
  3. Select the Sign in method tab.
  4. On the Sign in method page, click on Google in the Sign in providers card.
  5. Expand the Whitelist client IDs from external projects option.
  6. Paste your client ID from the Cloud console into the text field and click Add.
I don't know which project contains the conflicting OAuth 2.0 client ID.

If you don't know which project contains the conflicting OAuth 2.0 client ID, try these steps to see if you can locate it:

  1. Go to the Credentials page of the Google Cloud console.
  2. Under the OAuth 2.0 client IDs section, click the name of the client to see the SHA-1 and package name used to create the client ID. Repeat this until you find the correct client name or have tried all clients.

If you do not find a client name containing the matching SHA-1 and package name, select another project from the drop down menu in the upper right corner of the page and try the above procedure again.

In some cases, the OAuth 2.0 client may be in a project that you do not own. If you are not able to locate the conflicting project, contact Firebase support and provide them with the conflicting package name and SHA-1 fingerprint.

Was this article helpful?
How can we improve it?