The supplied auth credential is malformed or has expired

Question

In my Android app I'm signing in via Firebase AuthUI using Google sign in. That part works. Now I tried to sign in using the IdToken but I always get this error message:

com.google.android.gms.tasks.RuntimeExecutionException: com.google.firebase.auth.FirebaseAuthInvalidCredentialsException: The supplied auth credential is malformed or has expired. [ Invalid id_token in IdP response: XXXXXXX... ]

This works and logs me in successfully in my Firebase project:

@OnClick(R.id.sign_in)
public void signIn() {
    startActivityForResult(
            AuthUI.getInstance().createSignInIntentBuilder()
                    .setTheme(getSelectedTheme())
                    .setLogo(getSelectedLogo())
                    .setAvailableProviders(getSelectedProviders())
                    .setTosAndPrivacyPolicyUrls(getSelectedTosUrl(),getSelectedPrivacyPolicyUrl())
                    .setIsSmartLockEnabled(true,
                            true)
                    .build(),
            RC_SIGN_IN);
}

But trying to use signInWithCredential using credentials made from the IdToken gives me the error above:

@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
    super.onActivityResult(requestCode, resultCode, data);
    if (requestCode == RC_SIGN_IN) {
        handleSignInResponse(resultCode, data);
        return;
    }

}

@MainThread
private void handleSignInResponse(int resultCode, Intent data) {
    IdpResponse response = IdpResponse.fromResultIntent(data);

    if (resultCode == RESULT_OK) {
        FirebaseAuth auth = FirebaseAuth.getInstance();
        FirebaseUser firebaseUser = auth.getCurrentUser();

        if(firebaseUser != null){

            auth.getCurrentUser().getIdToken(true).addOnCompleteListener(task -> {

                String idToken = task.getResult().getToken();
                AuthCredential cred = GoogleAuthProvider.getCredential(idToken ,null);

                auth.signInWithCredential(cred).addOnCompleteListener(task1 -> 
                        Log.v(TAG,"results: " + task1.getResult()));

            });
        }
    }
}

I'm following this tutorial and my goal is to sign in to multiple Firebase projects.

Trying to sign in to a secondary Firebase project using the credentials from the IdToken above returns the same error.

FirebaseApp app = FirebaseApp.getInstance("secondary");
FirebaseAuth.getInstance(app).signInWithCredential(credential);

Answer 1

I had this error happen when Firebase had automatically signed in an existing user, but the UI was not checking for this and allowed users to atempt to sign in when already authenticated

Answer 2

I encountered this while I was developing an App in Flutter. I have the proper timezone set on my device, yet I faced this issue.

The reason was due to an obvious mistake. I didn't add this to my info.plist

<!-- Put me in the [my_project]/ios/Runner/Info.plist file -->
<!-- Google Sign-in Section -->
<key>CFBundleURLTypes</key>
<array>
    <dict>
        <key>CFBundleTypeRole</key>
        <string>Editor</string>
        <key>CFBundleURLSchemes</key>
        <array>
            <!-- TODO Replace this value: -->
            <!-- Copied from GoogleService-Info.plist key REVERSED_CLIENT_ID -->
            <string>com.googleusercontent.apps.861823949799-vc35cprkp249096uujjn0vvnmcvjppkn</string>
        </array>
    </dict>
</array>
<!-- End of the Google Sign-in Section -->

The official documentation link is here

Answer 3

I got this error when the time or time zone on the device was wrong. Setting the correct time solved it.