Skip to main content

Android setup

Config files

OAuth, SHA-1, google-services.json, and file paths: Google Cloud & config files.

Quick checklist

StepWhy
Android OAuth client (package + SHA-1)RequiredGoogle validates app identity; missing SHA-1 → DEVELOPER_ERROR
google-services.json in android/app/Required for autoDetectSource for default_web_client_id
Google Services Gradle pluginRequired for autoDetectProcesses JSON into Android resources
Explicit webClientId in JSOptionalReplaces JSON + Gradle; SHA-1 still required
checkPlayServices() before sign-inRequired (Android)Credential Manager Google ID flow needs Play services on the device
Credential Manager + GMS Maven deps in your appOptional (omit)Already bundled by this library (see below)
Expo googleServicesFile + prebuildRequired for autoDetect (Expo)Config plugin applies Gradle for you
Release minifyEnabled trueOptionalConsumer ProGuard rules ship with the library — details

Credential Manager & Google Play Services

Android sign-in in this library uses Jetpack Credential Manager with Sign in with Google (GetGoogleIdOption / GetSignInWithGoogleOption). That is not the same as “password-only” Credential Manager or generic passkeys without Google.

Short answer

TopicFor this library
androidx.credentials + credentials-play-services-authAlready included — do not add duplicate dependencies in your app unless you use Credential Manager for other providers too
Google Play Services on the deviceRequired — call checkPlayServices() before sign-in; use an emulator/system image with Google Play
Google Services Gradle plugin + google-services.jsonRequired only for webClientId: 'autoDetect' — not required for GMS itself; see omit section
SHA-1 + Web OAuth client IDRequired — use the Web client ID in configure(), never the Android client ID

What Credential Manager needs (background)

The core androidx.credentials:credentials artifact can handle passwords and third-party password managers without GMS. You only need the Play Services bridge when you want:

  • Sign in with Google via Credential Manager (this library), or
  • Passkeys on Android 13 and below (Credential Manager backports via Play Services)

Because react-native-nitro-google-signin only supports Google sign-in, the GMS-related artifacts are always part of the native module.

Dependencies shipped by this library

You do not need to copy these into your app’s build.gradle for this package to work — they are declared in the library’s android/build.gradle:

implementation "androidx.credentials:credentials:1.5.0"
implementation "androidx.credentials:credentials-play-services-auth:1.5.0"
implementation "com.google.android.libraries.identity.googleid:googleid:1.2.0"
implementation "com.google.android.gms:play-services-auth:21.6.0"
Optional in your app — only if you use Credential Manager elsewhere

Why optional: If you also implement your own Credential Manager flows (passwords, passkeys, 1Password, etc.), add matching androidx.credentials versions in your android/app/build.gradle and align versions with the library to avoid duplicate-class issues. For Google sign-in only through this package, add nothing.

Native code passes your Web client ID into GetGoogleIdOption.Builder().setServerClientId(...) — never the Android OAuth client ID:

// Inside the library — use Web client ID from configure() / autoDetect
GetGoogleIdOption.Builder()
  .setServerClientId(webClientId)  // *.apps.googleusercontent.com (Web type)

When you NEED extra project setup (beyond npm install)

ItemWhy
Device/emulator with Google PlayRequiredcredentials-play-services-auth delegates Google ID tokens to Play services on API ≤ 33
checkPlayServices() in JSRequiredSurfaces missing/outdated Play services before getCredential fails
Web OAuth client ID in configure()RequiredsetServerClientId must be the Web client; Android client ID → DEVELOPER_ERROR
Android OAuth client + SHA-1 (and SHA-256 in Firebase)RequiredTies your signing cert + package to Google Cloud
Google Services Gradle plugin + google-services.jsonRequired for autoDetect onlyGenerates default_web_client_id; unrelated to adding credentials to your app

When you can OMIT Google Services plugin and JSON

Optional — explicit webClientId

Why you can omit: google-services.json and com.google.gms.google-services only feed default_web_client_id for 'autoDetect'. If you pass the Web client ID string in JavaScript, skip the file and Gradle plugin entirely.

OmitSafe whenStill required
google-services.jsonwebClientId: 'YOUR_WEB_CLIENT_ID.apps.googleusercontent.com'SHA-1, Android OAuth client, Play services on device
Root classpath("com.google.gms:google-services:…")Same as above
apply plugin: "com.google.gms.google-services"Same as above
Firebase Android app in consoleYou use Google Cloud Console OAuth onlyWeb + Android OAuth clients

You cannot omit Play services on the device or the Web client ID when using this library.

When GMS Maven deps are omittable in general (not this library)

Educational — does not apply to Google Sign-In apps

Why this section exists: A plain Credential Manager app that only targets Android 14+ (API 34+) and only supports username/password or OS/3rd-party passkeys (no Google button) can skip credentials-play-services-auth. This library is not that use case — Sign in with Google always needs the Play Services auth bridge, which we ship for you.

Implementation checklist (Sign in with Google)

#StepWhy
1Install react-native-nitro-google-signin + react-native-nitro-modulesRequiredBrings Credential Manager + GMS artifacts transitively
2Register SHA-1 (and SHA-256 in Firebase)RequiredTop cause of DEVELOPER_ERROR when missing or wrong
3Create Web + Android OAuth clients in one projectRequiredWeb ID → configure(); Android ID → package + cert only
4GoogleOneTapSignIn.configure({ webClientId: … })RequiredWeb ID or 'autoDetect'
5Google Services plugin + google-services.jsonRequired for autoDetectOptional with explicit Web ID — omit
6await checkPlayServices() before sign-inRequiredValidates device Play services
7Rebuild native app after install / Gradle changesRequiredMetro does not apply native dependency or resource changes

OAuth client

Required

Why: Android sign-in is bound to your applicationId and signing certificate. Google rejects requests from unregistered apps.

  1. In Google Cloud, create an Android OAuth client with your applicationId / package name.
  2. Add SHA-1 fingerprints for debug and release builds (Google Cloud setup).

SHA-1 fingerprint field on the Android OAuth client

Google Services Gradle plugin & google-services.json

Gradle setup for react-native-nitro-google-signin when using webClientId: 'autoDetect':

Path comparison

Setupgoogle-services.jsonGradle pluginwebClientId
autoDetect (recommended with Firebase)RequiredRequired'autoDetect'
Explicit Web client ID onlyOptionalOptional'….apps.googleusercontent.com'
Expo + googleServicesFile in app.configRequired for autoDetectApplied by config plugin on prebuildUsually 'autoDetect'
Required for autoDetect

Why: Android reads default_web_client_id from resources. That string is generated when the Google Services plugin processes google-services.json. Without both, native code throws:

webClientId is "autoDetect" but default_web_client_id was not found. Add the Google Services plugin or pass an explicit webClientId.

Three different “Google” pieces
PieceYou add in app?Purpose
credentials + credentials-play-services-authNo (library)Credential Manager + Google ID via Play Services
play-services-authNo (library)Legacy/auth helpers used with Google ID library
Google Services Gradle plugin + JSONOnly for autoDetectWrites default_web_client_idnot a substitute for the rows above

See Credential Manager & GMS.

Without google-services.json (explicit webClientId)

Optional setup path

Why optional: No Gradle changes if you pass the Web client ID in JavaScript instead of using autoDetect.

You still need:

ItemWhy
Android OAuth client + SHA-1RequiredCertificate validation is independent of webClientId source
Web client ID in configure()RequiredNative layer needs the Web OAuth client for tokens
GoogleOneTapSignIn.configure({
  webClientId: 'YOUR_WEB_CLIENT_ID.apps.googleusercontent.com',
})

With google-services.json (bare React Native)

Use this path for autoDetect or Firebase-style config files.

1. Download google-services.json

Required for autoDetect

Why: Gradle plugin input; wrong path = resources never generated.

From Firebase Console (Android app with your applicationId) or Google Cloud. Place it in:

android/app/google-services.json

Firebase — add Android app and download google-services.json

Or from Google Cloud Console when linking an Android app:

Google Cloud — Android client and services config

Full walkthrough: Google Cloud & config files.

Confirm package_name in the JSON matches applicationId in android/app/build.gradle.

2. Update Gradle files

Required for autoDetect

Why: The classpath loads the plugin; apply plugin: "com.google.gms.google-services" runs the task that writes default_web_client_id.

Root android/build.gradle — add the Google Services classpath in buildscript.dependencies (use 4.4.0 or newer; 4.4.2 is fine):

buildscript {
    ext {
        // …
    }
    repositories {
        google()
        mavenCentral()
    }
    dependencies {
        classpath("com.android.tools.build:gradle")
        classpath("com.facebook.react:react-native-gradle-plugin")
        classpath("org.jetbrains.kotlin:kotlin-gradle-plugin")
        // Google Sign-In / Firebase — required for autoDetect on Android
        classpath("com.google.gms:google-services:4.4.2")
    }
}

apply plugin: "com.facebook.react.rootproject"

android/app/build.gradle — apply the plugin after the Android and React Native plugins (typically at the end of the file):

apply plugin: "com.android.application"
apply plugin: "org.jetbrains.kotlin.android"
apply plugin: "com.facebook.react"

// … android { } and dependencies { } …

apply plugin: "com.google.gms.google-services"

3. Rebuild

Required after Gradle / JSON changes

Why: Resource generation happens at build time; hot reload does not pick up new default_web_client_id.

cd android && ./gradlew clean
# then run from project root
bun run android   # or npx react-native run-android

See example/android/ for a bare RN project layout (the sample app uses an explicit webClientId in App.tsx, so Gradle plugin is optional there unless you switch to autoDetect).

Expo (Android)

Optional manual Gradle edits

Why optional: With expo.android.googleServicesFile (or plugin options), the config plugin adds the classpath and com.google.gms.google-services during expo prebuild. You do not edit Gradle by hand unless you customize native projects after prebuild.

Configure in JavaScript

// With google-services.json + plugin applied:
GoogleOneTapSignIn.configure({ webClientId: 'autoDetect' })

// Without google-services.json:
GoogleOneTapSignIn.configure({
  webClientId: 'YOUR_WEB_CLIENT_ID.apps.googleusercontent.com',
})

Play Services on the device

Required on Android before sign-in

Why: Sign in with Google through Credential Manager uses credentials-play-services-auth, which expects Google Play services on the device (especially Android 13 and below). This is separate from the optional Google Services Gradle plugin — you need Play services on the phone/emulator, not extra Maven lines in your app.

await GoogleOneTapSignIn.checkPlayServices()

ProGuard / R8 (release builds)

If you enable code shrinking for release (minifyEnabled true in android/app/build.gradle), R8 must not strip Nitro HybridObjects or the Google Sign-In bridge classes. This library ships consumer ProGuard rules in its AAR (android/consumer-rules.pro). Gradle merges them automatically when you depend on react-native-nitro-google-signin — you do not copy those rules into your app by hand.

What you need to do

TaskRequired?
Enable minifyEnabled true / shrinkResources on your app moduleOnly if you already ship a minified release
Add manual -keep rules for androidx.credentials, googleid, or play-services-authNo — those AndroidX / GMS artifacts bundle their own consumer rules
Add manual -keep class androidx.** { *; }No — broad AndroidX keeps bloat the APK and are redundant
Keep react-native-nitro-modules as a normal dependencyYes — Nitro core also relies on JNI; use a current peer version
Test sign-in on a release build (not only debug)Recommended after turning on R8

App proguard-rules.pro

Use your app’s android/app/proguard-rules.pro only for your code (Firebase, Retrofit, etc.). Do not duplicate this library’s Nitro keeps unless you maintain a fork.

Example release block (app module):

buildTypes {
  release {
    minifyEnabled true
    shrinkResources true
    proguardFiles getDefaultProguardFile("proguard-android-optimize.txt"), "proguard-rules.pro"
  }
}

Sign-in works in debug but fails in release

  1. Confirm the crash happens on a release APK/AAB (./gradlew :app:assembleRelease or EAS production build).
  2. Ensure you are on a recent react-native-nitro-google-signin and react-native-nitro-modules (consumer rules ship with the library).
  3. Remove redundant manual -keep class androidx.** rules from your app — they can mask real issues and increase size.
  4. If you use a custom ProGuard configuration plugin, verify it does not strip consumer rules from dependencies.
  5. Capture the release stack trace (e.g. ClassNotFoundException for HybridNitroGoogleSignin or HybridGoogleSignInButton) and compare with Troubleshooting — release / R8.

Peer react-native-nitro-modules documents its own release keeps; treat both packages as required for minified apps.

Troubleshooting

ErrorFix
default_web_client_id was not foundAdd google-services.json, apply Google Services plugin, ensure package name matches
Sign-in fails / DEVELOPER_ERRORWrong SHA-1, package name, or Android client ID used instead of Web client ID in configure()
Play Services not availableEmulator image or device without Google Play
Duplicate Credential Manager classesYou added androidx.credentials in the app with a conflicting version — align or remove duplicates
Sign-in OK in debug, broken in release (R8)Consumer rules ship with this library; avoid -keep androidx.**; see ProGuard / R8

See Troubleshooting.