android
Authenticate users with Sign in with Google GetCredentialException:During begin sign in, failure response from one tap: 16: [28433] Cannot find a matching credential.
dependent Sdk Version: implementation "androidx.credentials:credentials:1.3.0-rc01" implementation "androidx.credentials:credentials-play-services-auth:1.3.0-rc01" implementation "com.google.android.libraries.identity.googleid:googleid:1.1.1"
Test model: OPPO PDKM00 Android12
Problem occurred: GetCredentialException, During begin sign in, failure response from one tap: 16: [28433] Cannot find a matching credential. android.credentials.GetCredentialException.TYPE_NO_CREDENTIAL
Operation steps when a problem occurs:
Step 1:
Open phone settings->User and Account->Password and account Delete Google account
Step 2:
Refer to the official documentation to log in to Google https://developer.android.com/identity/sign-in/credential-manager-siwg#siwg-button
The code is as follows:
private var mCm: CredentialManager? = null fun initLogin(activity : FragmentActivity?){ mCm = CredentialManager.create(this) }
fun login(activity : FragmentActivity?){ activity?.apply { val googleIdOption: GetGoogleIdOption = GetGoogleIdOption.Builder() .setFilterByAuthorizedAccounts(true) .setServerClientId(serviceClientId) .setAutoSelectEnabled(true) .build()
val request: GetCredentialRequest = GetCredentialRequest.Builder()
.addCredentialOption(googleIdOption)
.build()
lifecycleScope.launch {
try {
val result = mCm?.getCredential(
request = request,
context = this@apply,
)
handleSignIn(result,this@apply)
} catch (e: GetCredentialException) {
**// During begin sign in, failure response from one tap: 16: [28433] Cannot find a matching credential.**
handleFailure(e)
**loginAgain(activity)**
}
}
}
}
fun loginAgain(activity : FragmentActivity?){
activity?.apply {
val googleIdOption: GetGoogleIdOption = GetGoogleIdOption.Builder()
**.setFilterByAuthorizedAccounts(false)**
.setServerClientId(defaultServiceClientId)
.build()
val request: GetCredentialRequest = GetCredentialRequest.Builder()
.addCredentialOption(googleIdOption)
.build()
lifecycleScope.launch {
try {
val result = mCm?.getCredential(
request = request,
context = this@apply,
)
handleSignIn(result,this@apply)
} catch (e: GetCredentialException) {
**// During begin sign in, failure response from one tap: 16: [28433] Cannot find a matching credential.**
}
}
}
}
Expected results: If none are found, prompt the user to sign up with their Google Account using setFilterByAuthorizedAccounts(false); pop-up interface for entering Google account:
Actual results: Following the instructions in the document, If no saved credentials are found (no Google Accounts returned by getGoogleIdOption), prompt your user to sign up. First, check if setFilterByAuthorizedAccounts(true) to see if any previously used accounts exist. If none are found, prompt the user to sign up with their Google Account using setFilterByAuthorizedAccounts(false);
an error still occurs,No pop-up interface for entering Google account: exception occurred GetCredentialException, During begin sign in, failure response from one tap: 16: [28433] Cannot find a matching credential; android.credentials.GetCredentialException.TYPE_NO_CREDENTIAL;
I'm facing this issue, too. Do you find any good solution. Thank you
Trigger a Sign in with Google button flow To trigger the Sign in with Google button flow, use [GetSignInWithGoogleOption]
Try using the following method:
fun loginAgain(activity : FragmentActivity?){
activity?.apply {
val signInWithGoogleOption: GetSignInWithGoogleOption = GetSignInWithGoogleOption.Builder()
.setServerClientId(defaultServiceClientId)
.build()
val request: GetCredentialRequest = GetCredentialRequest.Builder()
.addCredentialOption(signInWithGoogleOption)
.build()
lifecycleScope.launch {
try {
val result = mCm?.getCredential(
request = request,
context = this@apply,
)
handleSignIn(result,this@apply)
} catch (e: GetCredentialException) {
**// During begin sign in, failure response from one tap: 16: [28433] Cannot find a matching credential.**
}
}
}
}
I've already used that GetSignInWithGoogleOption but some of my user can't login. Most of them don't have any problem, but some of them can't login
Hey would you mind creating a bug for those users with all details required in that template? Please add version details, bug report, video recording, device details, api version used etc if you are able to reproduce. Sharing the bug link here : https://issuetracker.google.com/issues/new?component=1301097&template=1773864
This will help us test and verify the issue on these devices.
I am facing the same issue any solution for this ?
androidx.credentials.exceptions.NoCredentialException: During begin sign in, failure response from one tap: 16: [28433] Cannot find a matching credential. at androidx.credentials.playservices.controllers.CredentialProviderBaseController$Companion.getCredentialExceptionTypeToException$credentials_play_services_auth_release(CredentialProviderBaseController.kt:110) at androidx.credentials.playservices.controllers.BeginSignIn.CredentialProviderBeginSignInController$resultReceiver$1$onReceiveResult$1.invoke(CredentialProviderBeginSignInController.kt:93) at androidx.credentials.playservices.controllers.BeginSignIn.CredentialProviderBeginSignInController$resultReceiver$1$onReceiveResult$1.invoke(CredentialProviderBeginSignInController.kt:93) at androidx.credentials.playservices.controllers.CredentialProviderController.maybeReportErrorFromResultReceiver(CredentialProviderController.kt:159) at androidx.credentials.playservices.controllers.BeginSignIn.CredentialProviderBeginSignInController.access$maybeReportErrorFromResultReceiver(CredentialProviderBeginSignInController.kt:56) at androidx.credentials.playservices.controllers.BeginSignIn.CredentialProviderBeginSignInController$resultReceiver$1.onReceiveResult(CredentialProviderBeginSignInController.kt:91) at android.os.ResultReceiver$MyRunnable.run(ResultReceiver.java:50) at android.os.Handler.handleCallback(Handler.java:942) at android.os.Handler.dispatchMessage(Handler.java:99) at android.os.Looper.loopOnce(Looper.java:201) at android.os.Looper.loop(Looper.java:288) at android.app.ActivityThread.main(ActivityThread.java:8061) at java.lang.reflect.Method.invoke(Native Method) at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:703) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:911)
Hi As mentioned above, please create a bug and provide all the details to deep dive :
Hey would you mind creating a bug for those users with all details required in that template? Please add version details, bug report, video recording, device details, api version used etc if you are able to reproduce. Sharing the bug link here : https://issuetracker.google.com/issues/new?component=1301097&template=1773864
I had the same problem as the others. @zhangwenxiang26's solution was the only thing that worked. The API does not appear to account for the case where there is no device account available. Docs for NoCredentialsException suggest
Upon this exception, your app should navigate to use the regular app sign-up or sign-in screen.
but my current project only uses OAuth and Passkey for authentication. Samples aren't particularly clear on how to handle this scenario.
I am having the same issue. It was working fine till yesterday. But now I'm getting this error During begin sign in, failure response from one tap: 16: [28433] Cannot find a matching credential. on the same device.
The solution is to manually call the google account creation when we have this exceptions
if (error is NoCredentialException) {
launchAddGoogleAccount()
}
private fun launchAddGoogleAccount() {
val intent = Intent(Settings.ACTION_ADD_ACCOUNT)
intent.putExtra(Settings.EXTRA_ACCOUNT_TYPES, arrayOf("com.google"))
addAccountLauncher.launch(intent);
}
private val addAccountLauncher = registerForActivityResult(ActivityResultContracts.StartActivityForResult()) { result: ActivityResult ->
if (result.resultCode == RESULT_OK) {
authChoicesViewModel.onGoogleButtonClick()
} else {
viewModel.hideProgress()
}
}
Unfortunately, RESULT_OK is never triggered. Even if we successfully add a Google account, the app returns with RESULT_CANCELED. As a result, the user will need to click on 'Login with Google' in our app again after adding a Google account.
Is this a problem that hasn't been solved yet? I don't know how many days I've been struggling with this.
I am getting the following error regarding the same
During begin sign in, failure response from one tap: 16: [28439] User disabled the feature.
Any idea why it does not work? For normal GoogleSignIn it is working. As I checked https://www.reddit.com/r/UpNote_App/comments/1328umg/error_16_while_trying_to_sign_up_using_google/?rdt=64332 I have my app in settings.
The solution proposed by @zhangwenxiang26 does not work for all the devices.
I'm already using a very dirty method to sign-In, it works for mostly of the cases, but one user has reported the issue During begin sign in, failure response from one tap: 16: [28433] Cannot find a matching credential.
That device is a motorola moto g13 with android 14.
I have no idea what can i do for fixing the issue
import android.content.Context
import android.content.Intent
import android.provider.Settings
import android.util.Log
import androidx.compose.runtime.Composable
import androidx.compose.runtime.rememberCoroutineScope
import androidx.compose.ui.Modifier
import androidx.compose.ui.platform.LocalContext
import androidx.compose.ui.res.stringResource
import androidx.credentials.CredentialManager
import androidx.credentials.GetCredentialRequest
import androidx.credentials.GetCredentialResponse
import androidx.credentials.exceptions.GetCredentialCancellationException
import androidx.credentials.exceptions.GetCredentialProviderConfigurationException
import com.google.android.libraries.identity.googleid.GetGoogleIdOption
import com.google.android.libraries.identity.googleid.GetSignInWithGoogleOption
import com.google.android.libraries.identity.googleid.GoogleIdTokenCredential
import kotlinx.coroutines.Dispatchers
import kotlinx.coroutines.launch
import org.howwefeel.moodmeter.R
import org.howwefeel.moodmeter.ui.commom.button.FullWidthButton
import java.security.MessageDigest
import java.util.UUID
/**
* A button that triggers a Google authentication flow.
* - First, it attempts to display a dialog with a list of available accounts.
* - If the dialog fails, it fails back to displaying a bottom sheet.
* - If both fail, the [onError] callback is invoked.
*
* @param modifier The modifier to apply to the button.
* @param autoSelectEnabled Enables auto-selection of the account for single-account devices.
* Note: This only applies to the bottom sheet; the dialog cannot pre-select an account.
* @param enable Determine whether the button is clickable.
* @param onSignIn Callback invoked when sign-in is successful.
* @param onError Callback invoked when an error occurs.
*/
@Composable
fun SignInWithGoogleButton(
modifier: Modifier = Modifier,
autoSelectEnabled: Boolean,
enable: () -> Boolean,
onSignIn: (CredentialManager, GetCredentialResponse, nonce: String) -> Unit,
onError: (Exception) -> Unit
) {
val context = LocalContext.current
val coroutineScope = rememberCoroutineScope()
val onClick: () -> Unit = {
val credentialManager = CredentialManager.create(context)
coroutineScope.launch {
val nonce = getNonce()
try {
val response = startGoogleSignInFlow(
context = context,
credentialManager = credentialManager,
nonce = nonce
)
onSignIn(credentialManager, response, nonce)
} catch (e: GetCredentialCancellationException) {
// Dialog was closed, no further action needed
return@launch
} catch (e: Exception) {
startGenericAuthenticationFlow(
context = context,
credentialManager = credentialManager,
nonce = nonce,
filterByAuthorizedAccounts = true,
autoSelectEnabled = autoSelectEnabled,
retryAuthentication = true,
onSignIn = onSignIn,
onError = onError
)
}
}
}
FullWidthButton(
modifier = modifier,
text = stringResource(id = R.string.sign_in),
enabled = enable(),
onClick = onClick
)
}
/**
* Generated a cryptographic "one time number" to be sent to the auth request.
*/
private fun getNonce(): String {
val rawNonce = UUID.randomUUID().toString()
val bytes = rawNonce.toByteArray()
val md = MessageDigest.getInstance("SHA-256")
val digest = md.digest(bytes)
val hashedNonce = digest.fold("") { accumulator, byte ->
accumulator + "%02x".format(byte)
}
return hashedNonce
}
private suspend fun startGoogleSignInFlow(
context: Context,
credentialManager: CredentialManager,
nonce: String
): GetCredentialResponse {
val clientId = context.getString(R.string.default_web_client_id)
val googleOption = GetSignInWithGoogleOption.Builder(clientId)
.setNonce(nonce)
.build()
val request = GetCredentialRequest.Builder()
.addCredentialOption(googleOption)
.build()
val response = credentialManager.getCredential(
context = context,
request = request
)
return response
}
/**
* Launch a generic authentication bottom sheet with available credentials.
* This bottomSheet might fail in the first attempt in some devices.
*
* For solving the issue, android documentation recommends the following cryptic logic:
* https://developer.android.com/identity/sign-in/credential-manager-siwg#instantiate-google
*/
private suspend fun startGenericAuthenticationFlow(
context: Context,
credentialManager: CredentialManager,
nonce: String,
filterByAuthorizedAccounts: Boolean,
autoSelectEnabled: Boolean,
retryAuthentication: Boolean,
onSignIn: (CredentialManager, GetCredentialResponse, nonce: String) -> Unit,
onError: (Exception) -> Unit
) {
try {
val clientId = context.getString(R.string.default_web_client_id)
val googleOption = GetGoogleIdOption.Builder()
.setFilterByAuthorizedAccounts(filterByAuthorizedAccounts)
.setServerClientId(clientId)
.setAutoSelectEnabled(autoSelectEnabled)
.setNonce(nonce)
.build()
val request: GetCredentialRequest = GetCredentialRequest.Builder()
.addCredentialOption(googleOption)
.build()
val response = credentialManager.getCredential(
context = context,
request = request
)
onSignIn(credentialManager, response, nonce)
} catch (e: GetCredentialCancellationException) {
return
} catch (e: Exception) {
if (retryAuthentication) {
startGenericAuthenticationFlow(
context = context,
credentialManager = credentialManager,
nonce = nonce,
filterByAuthorizedAccounts = false,
autoSelectEnabled = false,
retryAuthentication = false,
onSignIn = onSignIn,
onError = onError
)
} else {
onError(e)
}
}
}
"During begin sign in, failure response from one tap: 16: [28433] Cannot find a matching credential."
This issue occurs when a Google account is not logged in to the device.
Authentication manager login looks for an account that is already logged in to the device.
Authentication manager login method cannot resolve this situation.
Refer to the following page and retry logging in using Google account login method if an exception occurs.
- Implement authentication manager login
- Implement Google account login
- Retry 2 if an exception occurs in 1
https://stackoverflow.com/questions/77837594/android-google-oauth-nocredentialexception-no-credentials-available
If someone is still having problems with this, here's what solved for me.
In my case, the error
GetCredentialException: During begin sign in, failure response from one tap: 16: [28433] Cannot find a matching credential.
happened only when the Android device didn’t have a screen lock (PIN, pattern, or biometric) configured.
After setting up a PIN and locking/unlocking the phone once, the GetGoogleIdOption sign-in started working normally.
I believe that GetGoogleIdOption attempts to retrieve previously authorized credentials that are protected by the Android Keystore. If the device has no secure screen lock, the Credential Manager cannot access those protected credentials, returning the error.
Solutions
-
Enable a secure screen lock (PIN, pattern, or biometric) and disable
setFilterByAuthorizedAccountsandsetAutoSelectEnabledon the first login — permanent fix. -
Use
GetSignInWithGoogleOptionto always show the Google sign-in UI:val googleOption = GetSignInWithGoogleOption.Builder(serverClientId).build() -
(Recommended and my case) Detect device security and fall back automatically:
val keyguard = activity.getSystemService(KeyguardManager::class.java) val deviceSecure = keyguard?.isDeviceSecure == true val googleIdOption = GetGoogleIdOption.Builder() .setServerClientId(serverClientId) .setFilterByAuthorizedAccounts(true) .setAutoSelectEnabled(true) .build() val googleOption = GetSignInWithGoogleOption.Builder(serverClientId).build() val request = GetCredentialRequest.Builder().apply { if (deviceSecure) addCredentialOption(googleIdOption) else addCredentialOption(googleOption) }.build()
This way, the app tries a silent sign-in when possible and falls back to showing the Google sign-in UI on unsecured devices.
