Firebase Auth: Requests from this Android client application com.xxx are blocked

Question

I'm implementing the standard tutorial for Firebase AuthUI in my android app. However, when testing I try to sign-in using Google sign-in from within the app and get the following exception:

com.google.firebase.FirebaseException: An internal error has occurred. 
[ Requests from this Android client application com.xxx are blocked. ]

The app displays the "Google SmartLock" banner as if it's signing me in, but then disappears and in the logcat I see the error above.

I verified that my SHA-1 certificate fingerprints for both debug and release are in the Firebase console. I've been using them for some time in this app so I know they are correct.

I have enabled both Google sign-in and email sign-in on the Firebase Auth Console. I've tried both email/google sign-in and both processes begin but fail with the same exception. I have also downloaded and used a new google-services.json file -- no change.

The application name is correct. Why are they blocking me? Has anyone had any luck contacting firebase support?

Here's a snippet from build.gradle:

api 'com.android.support:support-v4:27.1.1'
api 'com.android.support:appcompat-v7:27.1.1'
api 'com.android.support.constraint:constraint-layout:1.1.2'
api 'com.google.firebase:firebase-storage:16.0.1'
api 'com.google.firebase:firebase-core:16.0.1'
api 'com.google.android.gms:play-services-maps:15.0.1'
api 'com.google.android.gms:play-services-location:15.0.1'
api 'com.google.android.gms:play-services-ads:15.0.1'
api 'com.google.code.findbugs:jsr305:3.0.2'
api 'com.google.apis:google-api-services-storage:v1-rev68-1.21.0'
implementation 'com.firebaseui:firebase-ui-storage:0.6.0'
implementation 'com.firebaseui:firebase-ui-auth:4.0.0'
testImplementation 'junit:junit:4.12'

Logcat:

/com.x.x W/BiChannelGoogleApi: [FirebaseAuth: ] getGoogleApiForMethod() returned Gms: com.google.firebase.auth.api.internal.zzal@13ca6fd
/com.x.x D/FA: Logging event (FE): user_engagement(_e), Bundle[{firebase_event_origin(_o)=auto, engagement_time_msec(_et)=12629, firebase_screen_class(_sc)=PhotoActivity, firebase_screen_id(_si)=-1316627329056180637}]
/com.x.x D/FA: Logging event (FE): screen_view(_vs), Bundle[{firebase_event_origin(_o)=auto, firebase_previous_class(_pc)=PhotoActivity, firebase_previous_id(_pi)=-1316627329056180637, firebase_screen_class(_sc)=KickoffActivity, firebase_screen_id(_si)=-1316627329056180636}]
/com.x.x D/FA: Connected to remote service
/com.x.x D/FA: Logging event (FE): user_engagement(_e), Bundle[{firebase_event_origin(_o)=auto, engagement_time_msec(_et)=1312, firebase_screen_class(_sc)=KickoffActivity, firebase_screen_id(_si)=-1316627329056180636}]
/com.x.x D/FA: Logging event (FE): screen_view(_vs), Bundle[{firebase_event_origin(_o)=auto, firebase_previous_class(_pc)=KickoffActivity, firebase_previous_id(_pi)=-1316627329056180636, firebase_screen_class(_sc)=SingleSignInActivity, firebase_screen_id(_si)=-1316627329056180635}]
/com.x.x D/FA: Logging event (FE): screen_view(_vs), Bundle[{firebase_event_origin(_o)=auto, firebase_previous_class(_pc)=SingleSignInActivity, firebase_previous_id(_pi)=-1316627329056180635, firebase_screen_class(_sc)=SignInHubActivity, firebase_screen_id(_si)=-1316627329056180634}]
/com.x.x W/BiChannelGoogleApi: [FirebaseAuth: ] getGoogleApiForMethod() returned Gms: com.google.firebase.auth.api.internal.zzal@13ca6fd
/com.x.x D/FA: Logging event (FE): screen_view(_vs), Bundle[{firebase_event_origin(_o)=auto, firebase_previous_class(_pc)=SignInHubActivity, firebase_previous_id(_pi)=-1316627329056180634, firebase_screen_class(_sc)=SingleSignInActivity, firebase_screen_id(_si)=-1316627329056180635}]
E/Volley: [23564] BasicNetwork.performRequest: Unexpected response code 403 for https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyAssertion?alt=proto&key=[key]
E/Volley: [23564] BasicNetwork.performRequest: Unexpected response code 403 for https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyAssertion?alt=proto&key=[key]
I/AuthChimeraService: Error description received from server: Requests from this Android client application com.x.x are blocked.

/com.x.x E/AuthUI: A sign-in error occurred.
com.google.firebase.FirebaseException: An internal error has occurred. [ Requests from this Android client application com.x.x are blocked. ]

Answer 1

DON'T SET YOUR RESTRICTIONS TO NONE!

1. Generate your SHA-1 certificate.

2. Head to Firebase -> Project settings and click "Add" under SHA certificate fingerprints.

3. Open your Cloud Console and go to APIs & Services. You'll see a new created OAuth 2.0 Client IDs with the SHA-1 certificate you just generated.

4. Scroll up to the API Keys table and click the API key you are using in your project.

5. You'll see a Key restrictions section and there are one or more certificates over there.

6. Click ADD and add your SHA-1 certificate and save it.

Done.

The problem is that the Firebase did help you add this credential to your Google Cloud account. But it did not finish it. There are restrictions under your API key. So you have to add your SHA-1 certificate manually.

Answer 2

If you ended up here while enabling AppCheck on Android Emulator or React Native Android app because the debug token didn't work:

1. Go to https://console.cloud.google.com/apis
2. Click Android key (auto created by Firebase)
3. Under "Android restrictions": Add your package name and its SHA-1 certificate

Answer 3

I was having the same issue when I changed the android project to a new pc meaning I was now using a new SHA 1 that was being restricted not unless you update it on google cloud console as well as on your firebase cloud console .

To update it on google cloud console go to google cloud - credentials - Android key (auto created by Firebase) - edit Api keys - add and save your new SHA 1.

Answer 4

You can follow these steps
console.cloud.google.com

if you project not selected, then select your project

then select credentials and select your api key which one is restricted

then select none or you can give restriction by your sha1

Answer 5

I tried everything described here but nothing helped after wasting many hours. Adding sha1 key from app Google Play App Signing didn't help.

Then I turned off "Android key (auto created by Firebase)" restrictions and everything started working again.

Still don't know how to keep key restricted but firebase working.

Answer 6

After following most of the other answers, I could not get it to work for either the Google Play Store or debug versions. I seemingly checked everything logical, and nothing made a change.

If nothing works, I suggest simply creating a new Firebase project, depending on how much trouble it is causing you it will be much faster. At leasts test right away with a new Firebase project if it works. If it works with the new Firebase project, then you know that it is not related to your code, but your Firebase project configuration.

Answer 7

I fixed this error by putting the two SHA-1s of google play console in firebase and the google cloud console plus the debugging SHA-1 for both. Here I hope this will help you.

Answer 8

Our app was working correctly in production for many months and then we started running into this same error recently (July 2021) after upgrading the Firebase SDK's to the latest version.

We found the solution in the Firebase Phone Auth Docs which state:

If a user has a device with Google Play Services installed, and Firebase Authentication can verify the device as legitimate with Android SafetyNet, phone number sign-in can proceed.

As the docs suggest, the solution was to go to the Android Device Verification API and enable the API for our project in Google Cloud.

BEFORE (not working)

AFTER (working)

After making that change, all of our phone number sign-in / sign-up functionality started working again almost instantly.

Answer 9

In my case I followed these to encounter this problem:

• First I deleted SHA-1 & SHA - 256 keys.
• Build my Gradle.
• Added FirebaseApp.initializeApp(this); in my BAseapp.
• Again added my SHA Keys both of them and run my app.
• Issue Resolved.

Answer 10

For anyone else who might be facing this problem, it is possible that you are using Internal App Sharing on the Play console, with Google signing enabled. If so, you may have forgotten to add their debug SHA-1 key to your firebase console.

Pretty hard to debug, or find an answer, so I'm hoping I've added all the right keywords to help the next guy.

Answer 11

I've had this problem and looked left and right for a solution. Turns out, in my case at least, that you actually need to go the Credentials screen in the Google Cloud Platform and there you'll find this:

Restrict usage to your Android apps Add your package name and SHA-1 signing-certificate fingerprint to restrict usage to your Android apps

There you can ADD NEW ITEM, meaning your application package and its SHA-1 signature. Then you won't have this problem anymore (assuming the rest of the configuration is done). My app had its key restricted for Android apps and this step was a necessary one.

Answer 12

If you are published app to google play store and then show this error:

[ Requests from this Android client application com.x.x are blocked. ]

Here a solution to solve your problem very easily.

1. Open google play console -> https://play.google.com/apps/publish
2. Got to your specific app which app show error.
3. Then go Setup -> App signin
4. And finally you got your SHA-1 certificate fingerprint

To find your SHA-1 certificate fingerprint, go to console.cloud.google.com/apis/credentials?project. Or go to the console.cloud.google.com -> Click on the hamburger icon on the top left -> APIs and Services -> Credentials. And change your all SHA-1 certificate fingerprint.

Answer 13

I also appeared in same problem, when I changed platform for my Project. Even I added SHA-1 key to firebase console it was not working. After I checked in Google cloud platform (console.cloud.google.com) with my project name. I show that Auto generated API key does not contains my new SHA-1 key. so I updated it manually by adding project's package name and SHA key and it works.

Answer 14

In my case:

If you are using Google Play App Signing, just login into Firebase go into "project settings"->"integration" and press a button to link Google Play with firebase, SHA-1 will be added automatically. Download and change your new google-services.json

If you keep having problems, go to Google Cloud API, click on the hamburger icon on the top left -> APIs and Services -> Credentials. Choose the API Key that you're using. Under restrictions, select "None".

Answer 15

I noticed that for some reason on my Google Credentials API Key restriction, my SHA-1 fingerprint wasn't included.

To find your API Key, go to console.cloud.google.com/apis/credentials?project=. Or go to the console.cloud.google.com -> Click on the hamburger icon on the top left -> APIs and Services -> Credentials

Choose the API Key that you're using. -Under "App Restrictions", choose "Android Apps" (If you're build an Android app for example) -Under "Restrict usage to your Android apps", Click "Add an item" -Enter your package name and your SHA-1 Fingerprint

To know how to find your SHA-1 Fingerprint, LINK

The signingReport task may be under Gradle(on the right vertical band) app -> tasks -> android

Answer 16

I just faced the same problem today and fortunately solved the problem. I still don't have any idea why this was happening but here are the steps I had taken to solve :

1. Delete the already added SHA-1 signing-certificate fingerprint in the Firebase console settings.
2. Go to android studio and Sync Project with Gradle Files.
3. Add SHA-1 signing-certificate fingerprint again to the Firebase Console Settings.

Here is how you can add SHA-1 signing-certificate fingerprint to firebase : CLICK HERE

Answer 17

The Google Cloud API key I was using was restricted to android with my package name, but only the production SHA-1 certificate fingerprint was given, not the debug key. I added the debug key's SHA-1 certificate along with the package name so that both production and debug certificates appear in the "Application Restrictions" for the key and it worked. Apparently being "blocked" by firebase means your API key may be restricted improperly.