Fixing Expo EAS's Firebase Developer Error Code 10 with Google Sign-In

Setting Up Google Sign-In for Your Expo EAS Android App: Common Pitfalls and Fixes

Building an app can be exhilarating, especially when implementing features that connect seamlessly with popular services like Google Sign-In. However, any developer who has integrated Firebase authentication with Google Cloud on an Expo EAS project may have run into the dreaded “.” 😬

This error often arises when setting up the library in production, causing unexpected disruptions that don’t show up in local development builds. It’s a common roadblock that can leave developers scratching their heads, especially when all configurations appear to be correctly set up.

One tricky aspect of this error is the nuanced setup process involving the correct SHA1 and SHA256 fingerprints, , and managing Firebase and Google Play Console settings. Missing even a small detail here can lead to authentication errors in the production environment.

In this guide, we’ll delve into why Developer Error Code 10 occurs, identify the potential misconfigurations, and walk through real-world solutions to ensure that your Google Sign-In works smoothly. Let’s make sure your users can log in effortlessly and keep those production errors at bay! 🚀

Command	Example of use
OAuth2Client	Creates a client instance from Google’s OAuth2 library to verify ID tokens. This is critical for securely handling and validating Google Sign-In tokens on the backend.
client.verifyIdToken	Used with OAuth2Client, this method verifies the integrity of a user’s ID token by decoding it. Essential for ensuring the token is valid and generated by Google.
GoogleSignin.configure	Configures the Google Sign-In library on the frontend by setting the web client ID. This links the client to the correct Google project, necessary for authentication to work.
auth.GoogleAuthProvider.credential	Creates a Firebase authentication credential using the Google ID token. This allows Firebase to recognize Google Sign-In as a login method.
admin.auth().getUserByEmail	Fetches a Firebase user by their email on the backend. Often used to retrieve or check if a Google account already exists in Firebase.
expo.plugins	Configured within Expo’s app.json, this adds the Google Sign-In plugin, ensuring that Expo is aware of Google authentication requirements for the app build.
jest.mock	Makes it possible to mock a module’s implementation for testing. Here, it’s used to simulate Google Sign-In functions, allowing test validation without actual authentication requests.
hasPlayServices	A Google Sign-In method that checks if the device has Google Play Services, ensuring compatibility before attempting to authenticate.
GoogleSignin.signIn	Initiates the Google Sign-In process on the frontend. This returns an ID token if successful, enabling further authentication processes.
admin.credential.applicationDefault	Initializes Firebase Admin SDK with default credentials. This setup allows secure backend operations and access to Firebase services without needing to hard-code credentials.

Understanding and Implementing Google Sign-In with Firebase in Expo

To set up Google Sign-In in an Expo-managed React Native project, the backend and frontend need to be configured carefully. Starting with the backend, we initialize the Firebase Admin SDK to handle user management securely. This is done by setting up OAuth2Client, which allows our server to interact with Google APIs and verify tokens issued by Google’s authentication service. The function, which uses the OAuth2 client, plays a critical role by decoding and validating the token received from the frontend. Without this verification, the app cannot reliably determine that a user’s sign-in request is legitimate, and any inconsistency here can lead to Developer Error Code 10, which is often encountered when tokens don’t match expected configurations in Firebase. This configuration step on the backend provides robust security as we ensure only authorized Google accounts can interact with Firebase’s authentication.

On the frontend, Google Sign-In is configured using the function, which links the app to Google Cloud through the Web Client ID generated in Firebase. By linking this ID, Google and Firebase “recognize” our app and allow secure sign-ins. After this, when a user tries to sign in, the app calls , which initiates the login process and retrieves an ID token if successful. This ID token acts as proof of the user’s Google authentication, and we pass it to Firebase to finalize login. The need to call before actual sign-in is important too; this step checks if the device is compatible by confirming Google Play Services are available, reducing issues related to device compatibility and making the login experience smoother. This command may seem simple, but its significance lies in ensuring the app doesn’t encounter unexpected failures on incompatible devices.

The server-side function plays a role in checking if the Google account already exists in Firebase’s user records. If the user doesn’t yet exist, Firebase can create a new record, facilitating seamless user onboarding. On the Expo side, in the app.json file, we add specific SHA1 fingerprints and the Google Sign-In plugin to connect the Expo environment with Firebase and Google Cloud accurately. This step bridges the front-end configuration with Firebase’s settings, ensuring no mismatches between the credentials used locally and those required in production. Each setting in this configuration serves to reduce the likelihood of Developer Error Code 10 appearing in the production build.

Finally, writing unit tests using Jest validates each function’s behavior. Testing Google Sign-In by mocking the GoogleSignin and other essential methods helps identify issues in the development phase, making production errors less likely. For instance, the mocked signIn method enables testing without relying on an actual Google account login, verifying that the app behaves correctly when a valid token is returned or when an error is encountered. This complete workflow, from configuration to testing, ensures Google Sign-In works effectively and reduces issues that often arise from incomplete or incorrect backend and frontend setups. With this comprehensive approach, you can make Google Sign-In a smooth, reliable experience in your Expo app! 🚀

const admin = require('firebase-admin');
const { OAuth2Client } = require('google-auth-library');

// Initialize Firebase Admin SDK
admin.initializeApp({
  credential: admin.credential.applicationDefault(),
  databaseURL: 'https://your-firebase-project.firebaseio.com'
});

// Google OAuth2 Client configuration
const client = new OAuth2Client("YOUR_CLIENT_ID.apps.googleusercontent.com");

// Validate Google token from client-side login
async function verifyGoogleToken(token) {
  try {
    const ticket = await client.verifyIdToken({
      idToken: token,
      audience: "YOUR_CLIENT_ID.apps.googleusercontent.com",
    });
    const payload = ticket.getPayload();
    return payload;
  } catch (error) {
    console.error("Token verification error:", error);
    throw new Error("Invalid Google Token");
  }
}

// Main function to handle Google Sign-In
exports.googleSignIn = async (req, res) => {
  const token = req.body.token;
  if (!token) return res.status(400).send("Token not provided");
  try {
    const userInfo = await verifyGoogleToken(token);
    const userRecord = await admin.auth().getUserByEmail(userInfo.email);
    res.status(200).send(userRecord);
  } catch (error) {
    res.status(401).send("Authentication failed");
  }
};

import { GoogleSignin } from '@react-native-google-signin/google-signin';
import auth from '@react-native-firebase/auth';

// Configure Google Sign-In in Firebase and set the Web Client ID
GoogleSignin.configure({
  webClientId: 'YOUR_CLIENT_ID.apps.googleusercontent.com',
});

export async function googleLogin() {
  try {
    await GoogleSignin.hasPlayServices();
    const { idToken } = await GoogleSignin.signIn();
    const googleCredential = auth.GoogleAuthProvider.credential(idToken);
    await auth().signInWithCredential(googleCredential);
    console.log("Login successful");
  } catch (error) {
    console.error("Google Sign-In error:", error);
  }
}

// Configure Google OAuth Client ID in Expo's app.json
{
  "expo": {
    "plugins": ["@react-native-google-signin/google-signin"],
    "android": {
      "config": {
        "googleSignIn": {
          "apiKey": "YOUR_API_KEY",
          "certificateHash": "SHA1_CERTIFICATE_FROM_GOOGLE_PLAY"
        }
      }
    }
  }
}

// Note: Make sure to add SHA1 and SHA256 fingerprints in Firebase Console
// under Project Settings > General > Your apps > App Fingerprints.

import { render, fireEvent } from '@testing-library/react-native';
import { googleLogin } from './GoogleSignIn';
import { GoogleSignin } from '@react-native-google-signin/google-signin';

// Mock Google Sign-In
jest.mock('@react-native-google-signin/google-signin', () => ({
  GoogleSignin: {
    signIn: jest.fn(() => ({ idToken: 'dummy-token' })),
    hasPlayServices: jest.fn(() => true),
  }
}));

describe('Google Sign-In', () => {
  test('should sign in with Google successfully', async () => {
    await expect(googleLogin()).resolves.not.toThrow();
  });

  test('should handle sign-in failure gracefully', async () => {
    GoogleSignin.signIn.mockImplementationOnce(() => {
      throw new Error("Sign-in error");
    });
    await expect(googleLogin()).rejects.toThrow("Sign-in error");
  });
});

Effective Debugging and Best Practices for Google Sign-In Integration in Expo EAS

When integrating within Expo EAS, one essential aspect that may be overlooked is managing the keystores and effectively across various environments. Google authentication depends on matching SHA fingerprints, so the keys used in local testing, development builds, and production builds on the Google Play Console must be consistent. A common issue is adding only the SHA1 key to Firebase, which is not enough for production environments. Both and SHA256 fingerprints should be configured correctly in Firebase and Google Play Console to ensure seamless user authentication. This critical configuration allows Firebase to trust your app regardless of the environment it’s running in, helping to avoid Developer Error Code 10 and improving the overall stability of your Google Sign-In integration.

Another often-missed configuration involves selecting the correct OAuth 2.0 Client ID type on Google Cloud Console. When using Firebase with Expo, the client ID generated in the Google Console should be set to Web Client, and the same webClientId should be provided on the frontend via . While this may seem unusual (as you might expect to use an Android Client ID), Expo requires this configuration to handle Google Sign-In across both iOS and Android efficiently. Additionally, enabling error handling and debugging on both frontend and backend with clear error messages and logging helps detect if issues stem from mismatched credentials or missing configurations.

Finally, if an error persists in the production build, consider using Expo’s development builds with production configurations. This helps to emulate a production-like environment locally and can highlight issues that may only appear in production, such as misconfigurations on the Google Play Console. Testing in this way ensures that all configurations, including those within and , are correctly recognized in the final production release, reducing errors and enhancing the user experience.

1. What causes Developer Error Code 10 in Google Sign-In?
2. Developer Error Code 10 often appears when are missing or don’t match between Firebase and the Google Play Console.
3. Do I need both SHA1 and SHA256 certificates for Firebase?
4. Yes, both and certificates are recommended, especially for production builds. This ensures your app can authenticate correctly in all environments.
5. Why is a Web Client ID used instead of an Android Client ID?
6. Expo requires a to manage Google Sign-In for both iOS and Android, so this ID type must be used in your configuration.
7. How can I check if my device has Google Play Services?
8. On the frontend, use to check for Google Play Services availability, which is required for Google Sign-In on Android.
9. What is the purpose of GoogleSignin.configure?
10. sets up your Google Sign-In client with the required client ID, enabling Firebase to recognize your app during sign-in.
11. Why do I only see the error in production but not in development?
12. This issue often arises from production-only configurations, like those on the Google Play Console. Development builds may work due to different key configurations.
13. What permissions are needed for Google Sign-In?
14. Basic authentication permissions are usually enough, but your app may request additional scopes if specific Google APIs are required.
15. How can I test production settings without deploying to the Play Store?
16. Use Expo’s development build with production configurations locally, which allows you to simulate a production environment without deploying.
17. How do I handle error logging for Google Sign-In in Expo?
18. Implement custom error messages on both frontend and backend using blocks to identify specific configuration issues during sign-in.
19. Is Firebase required for Google Sign-In?
20. No, Firebase isn’t required, but it simplifies authentication setup by integrating with Google’s OAuth system easily.

Setting up Google Sign-In with Expo EAS and Firebase requires careful attention to details like SHA certificates and OAuth Client IDs. Minor oversights here can lead to issues that only appear in production, like Developer Error Code 10. With the right configurations, developers can achieve secure and smooth sign-in flows for their users. 🚀

Incorporating methods such as configuring Web Client IDs, managing SHA fingerprints, and testing in a production-like environment on Expo ensures an optimized, error-free sign-in process. As always, testing, logging, and error-handling enhance reliability and user experience when deploying the app to a broader audience. 👍