PlatformException(sign_in_failed, com.google.GIDSignIn, keychain error, null) error even though "com.google.GIDSignIn" added as keychain group
Bug: Receiving this PlatformException(sign_in_failed, com.google.GIDSignIn, keychain error, null) when trying to sign in to google signin on macos. Stopped working randomly for both my apps on my personal macbook pro. This closed issue https://github.com/google/GoogleSignIn-iOS/issues/165 seems to suggest it is fixed but the comments say otherwise. It was working yesterday, I didn’t make a change to my app but today it has broken (possibly a pod update but that is all I can think of that has changed).
Reproduce: Just create a new macos flutter app with googlesignin.
Expected behavior: Should log user in.
Environment: MacBook Pro OS 14.2.1 Browser: Chrome
Additional context: Was working yesterday
Using these packages in Flutter (have downgraded some)
firebase_core: ^3.7.0
firebase_auth: ^5.3.2
firebase_ui_auth: ^1.16.0
firebase_crashlytics: ^4.1.4
google_sign_in: ^6.2.2
firebase_ui_oauth_google: ^1.4.0
firebase_ui_localizations: ^1.13.0
Happening here also
I tried it again today with a brand new project, cleared everything out, followed different instructions but still the same error. Literally cannot sign in anymore.
Hey, thanks for submitting your issue! Curious, what version of GTMAppAuth are you building with? I find this interesting to be happening on version 6.2.2.
Are you also able to print out the error GSI is giving you? Try setting a breakpoint here. Giving the return value of the SecItemAdd call could give more context on the error. Unfortunately, I was not able to repro the error on my end even with the latest version, so if you're able to recreate it consistently then that can help.
Hi, thanks for getting back to me, the GTMAppAuth pod is on version 4.1.1.
I'm about to leave work now but it didn't hit the breakpoint. Is setPassword the correct method? I can try again tomorrow when I have a bit more time.
Hmm, I believe you can also try setting breakpoints here and here and see if it lands on one of these.
Additionally, is this an issue on iOS devices too or is it just MacOS? We haven't had any significant changes to the flows that would spark up this error and I checked our sample apps that provide MacOS targets, but I'm still not able to repro the error. Any additional steps or information you can provide would be helpful.
Hi,
in the GIDSignIn.m file (I have version 7.1.1 so the versions are slightly different)
if (!handlerAuthFlow.profileData) {
The profileData has data at this point so execution doesn't enter the if statement
in KeychainHelper.swift at line 100 the breakpoint is hit
guard status == noErr else {
status value is -25244
so it runs the
throw KeychainStore.Error.failedToDeletePassword(forItemName: service)
and yes, it does work on ios without any problems.
According to https://www.osstatus.com/search/results?platform=all&framework=all&search=25244, it looks like the issue has to do with an invalid owner. In my experience I've seen that there could be a difference in naming or access rights and resolving those issues resulted in success. For example, this may happen if there's app renaming, re-signing of profiles/certificates, or the owner lacks necessary entitlements. I'd double check nothing is missing in that regard (maybe created with a missing entitlement).
Closing this issue, but feel free to reopen if the issue persists and more information can be provided.
@brnnmrls reopen? I couldn't resolve my problem so stopped supporting google login. I double checked all the naming and permissions but couldn't identify anything.
I have triggered the keychain error now. When the system (macOS) asks "XXXX wants to use "login" keychain.", if the users cancel or deny it, "Keychain Error" will occur. When typing correct password, the error will disappear.
I think the message makes the users hesitate to accept it.
I continue to suffer from that error.
PlatformException(sign_in_failed, com.google.GIDSignIn, keychain error, null)
I use MacOS 15.2, the problems came out of nowhere, and obviously weren't always present in 15.2 to me. Me also, Keychain Sharing: "com.google.GIDSignIn" is already added. (That hasn't changed since the beginning.)
I have no idea what I could...
> According to https://www.osstatus.com/search/results?platform=all&framework=all&search=25244, it looks like the issue has to do with an invalid owner. In my experience I've seen that there could be a difference in naming or access rights and resolving those issues resulted in success. For example, this may happen if there's app renaming, re-signing of profiles/certificates, or the owner lacks necessary entitlements. I'd double check nothing is missing in that regard (maybe created with a missing entitlement).
I'm pretty sure we changed something in the signing part of the build, so this makes sense. However, @brnnmrls, do you have any idea on what the best course of action would be for this? I'm guessing clearing the keychain and somehow regenerating the entries could help, but my fear is that this will only fix issues on my development machine and break the app for my users.
It seems like the issue persists and it would be nice to update the docs if the prerequisites for using this library on MacOS have changed (because of Apple changing some keychain specifics, for example). Is there any additional info I could provide to help fix this?
A bit of debugging and I found out that GIDSignIn is trying to delete the "auth" key from the keychain. This is such a common name for a key that another app had generated a key with the same name (in my case it was GoPro Quik). Deleting the key fixed the problem.
However, the simplistic "auth" key name still seems like an oversight.
> I continue to suffer from that error.
> PlatformException(sign_in_failed, com.google.GIDSignIn, keychain error, null)
> I use MacOS 15.2, the problems came out of nowhere, and obviously weren't always present in 15.2 to me. Me also, Keychain Sharing: "com.google.GIDSignIn" is already added. (That hasn't changed since the beginning.)
> I have no idea what I could...
@brnnmrls this error is happening to myself as well in a flutter project, the error persists only on ios simulators not on physical devices and not on android simulators either.
Hi everyone! I'm opening up this issue again. Thanks for voicing your concerns. The team is going through ongoing discussions and investigating this.
Just to confirm, is this also happening on iOS? We were under the impression that this was only happening on MacOS.
Yes this is happening on iOS
Facing the same issue on macOS
[log] PlatformException(sign_in_failed, com.google.GIDSignIn, keychain error, null)
[log] --------ERROR is PlatformException(sign_in_failed, com.google.GIDSignIn, keychain error, null) ----------
This issue can be reproduced reliably on macOS.
- Create two Flutter sample apps using Firebase Auth with Google Sign In. (Configuration of Keychain Sharing in XCode doesn't matter, it has no effect on the key.)
- Open the Keychain Access app and go to the login keychain. (You can find this app in /System/Library/CoreServices/Applications.)
- Delete the auth key if there is one.
- Run the first app and use Google Sign In to log in.
- See that there is a new key auth in Keychain Access that is owned by the app.
- Now run the second app and use Google Sign in.
- See that sign in fails and you get PlatformException(sign_in_failed, com.google.GIDSignIn, keychain error, null) error instead.
- Delete the auth key and use Google Sign In again in the second app.
- It succeeds and creates a new auth key owned by the second app.
Flutter 3.29 GoogleSignIn (7.1.0) GTMAppAuth (4.1.1)
Perhaps the auth key needs to get a unique name for each app so that apps from different vendors can access their own Google Sign In key?
(Firebase Auth creates such keys named firebase_auth1:VENDOR_ID:ios:APP_ID.)
Simulator issue has been fixed for me for the codesign error
Go into runner then build settings then scroll to the bottom and find user defined then make all settings yes and this should fix sign google error
hope it helps if not reply to thread :3
I'm also experiencing this issue
Getting back to version 7.0.0 fixes it
To resolve this issue, I had to BOTH revert to version 7.0.0, as suggested by @filipealva, AND add Keychain Sharing entitlement, as suggested by @longvudai on this related thread. After adding Keychain Sharing, the issue is also resolved in main, likely due to PR 259 in GTMAppAuth.
Here's my workflow for anyone new landing on this thread:
Step 1: Move GoogleSignIn to main or 7.0.0
Step 2: Add Keychain Sharing entitlements and specify your bundle ID(s)
@brnnmrls a few thoughts:
- I set up GoogleSignIn and GTMAppAuth as local dependencies so I could add breakpoints and see the error. I confirmed that the exception stems from line 101 of KeychainHelper in GTMAppAuth. The code tries to remove any existing passwords and finds the 'auth' file from another app (see @karelklic repro steps). Without the Keychain Sharing entitlement, the SecItemDelete fails with error -34018 "missing entitlements". The error goes to GoogleSignIn and we throw a kKeychainError with message "keychain error" and error code kGIDSignInErrorCodeKeychain (-2). In this case, it might be better to pass through Apple's error from the SecItemDelete call's status? Apple error codes aren't always helpful, but in this case, -34018 "missing entitlements" is actually quite descriptive since we ended up needing to add the Keychain Sharing entitlement. When we get this specific error code, it may also help to add some flavor to the GoogleSignIn error message- i.e., "your app may need Keychain Sharing entitlement". I'm happy to submit a PR if that's something you'd accept!
- Unless I'm missing something, I don't see any mention of adding the Keychain Sharing entitlement in the GoogleSignIn documentation (Getting Started and Integrating)! It might make sense to add that?
Hi @timlenardo,
Yes PR 259 in GTMAppAuth should resolve this issue on main/9.0 when it is released.
I have updated the readme to include a note about needing to add $(AppIdentifierPrefix)$(CFBundleIdentifier) to the apps keychain access group on macOS (link). The Google developer site will be updated as well.
I think it would be very helpful to improve the error message so feel free to open a PR to do that.
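An added example, not code from this thread or from GoogleSignIn/GTMAppAuth: a Python check that pairs the OSStatus seen at the breakpoint (-25244 or -34018 in this thread) with the app's entitlements plist to show whether the keychain access group named above is present. The sample plists, the team prefix `ABCDE12345` and the bundle ID `com.example.app` are constructed placeholders.

```python
import plistlib

# OSStatus values reported in this thread and the cause commenters tied to each.
STATUS_HINTS = {
    0: "no error",
    -25244: "invalid owner: an existing item (e.g. 'auth') belongs to another app",
    -34018: "missing entitlement: app has no usable keychain access group",
}

def access_groups(entitlements_xml: bytes) -> list:
    """Return keychain-access-groups from an entitlements plist (empty if absent)."""
    return list(plistlib.loads(entitlements_xml).get("keychain-access-groups", []))

def diagnose(status: int, entitlements_xml: bytes, team_prefix: str, bundle_id: str) -> list:
    """Combine the OSStatus seen at the breakpoint with the entitlements check."""
    findings = []
    if status in STATUS_HINTS:
        findings.append(f"OSStatus {status}: {STATUS_HINTS[status]}")
    else:
        findings.append(f"OSStatus {status}: not one of the codes seen in this thread")
    groups = access_groups(entitlements_xml)
    # Accept both the signed (expanded) form and the unexpanded build-setting form.
    wanted = {f"{team_prefix}.{bundle_id}", "$(AppIdentifierPrefix)$(CFBundleIdentifier)"}
    if not groups:
        findings.append("no keychain-access-groups entitlement (Keychain Sharing is off)")
    elif not wanted & set(groups):
        findings.append(f"keychain-access-groups lacks {team_prefix}.{bundle_id}: {groups}")
    else:
        findings.append("keychain access group for this bundle ID is present")
    return findings

# Constructed sample inputs (team prefix and bundle ID are placeholders).
NO_SHARING = plistlib.dumps({"com.apple.security.app-sandbox": True})
ONLY_GID = plistlib.dumps({"keychain-access-groups": ["ABCDE12345.com.google.GIDSignIn"]})
FIXED = plistlib.dumps({"keychain-access-groups": ["ABCDE12345.com.example.app"]})

if __name__ == "__main__":
    for name, ent, status in [("no sharing", NO_SHARING, -34018),
                              ("GIDSignIn group only", ONLY_GID, -25244),
                              ("bundle group", FIXED, 0)]:
        print(name, diagnose(status, ent, "ABCDE12345", "com.example.app"))
```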
> To resolve this issue, I had to BOTH revert to version 7.0.0, as suggested by @filipealva, AND add Keychain Sharing entitlement, as suggested by @longvudai on this related thread. After adding Keychain Sharing, the issue is also resolved in main, likely due to PR 259 in GTMAppAuth.
> Here's my workflow for anyone new landing on this thread:
> Step 1: Move GoogleSignIn to main or 7.0.0
> Step 2: Add Keychain Sharing entitlements and specify your bundle ID(s)
> [@brnnmrls](https://github.com/brnnmrls) a few thoughts:
> - I set up GoogleSignIn and GTMAppAuth as local dependencies so I could add breakpoints and see the error. I confirmed that the exception stems from line 101 of KeychainHelper in GTMAppAuth. The code tries to remove any existing passwords and finds the 'auth' file from another app (see @karelklic repro steps). Without the Keychain Sharing entitlement, the SecItemDelete fails with error -34018 "missing entitlements". The error goes to GoogleSignIn and we throw a kKeychainError with message "keychain error" and error code kGIDSignInErrorCodeKeychain (-2). In this case, it might be better to pass through Apple's error from the SecItemDelete call's status? Apple error codes aren't always helpful, but in this case, -34018 "missing entitlements" is actually quite descriptive since we ended up needing to add the Keychain Sharing entitlement. When we get this specific error code, it may also help to add some flavor to the GoogleSignIn error message- i.e., "your app may need Keychain Sharing entitlement". I'm happy to submit a PR if that's something you'd accept!
> - Unless I'm missing something, I don't see any mention of adding the Keychain Sharing entitlement in the GoogleSignIn documentation (Getting Started and Integrating)! It might make sense to add that?
some part of this solution fixed my issue... i had already setup my keychain sharing to no avail + adding a bundle identifier com.google.GIDSignIn (which was in another thread).
the additional step that fixed it all for me was in the first picture which was setting GoogleSignIn explicitly to 7.0.0. I was already aware that something might be wrong with 7.1.0 (from another thread), so i defined it as 7.0.0 elsewhere, but I guess something else was upgrading it to 7.1.0. After I set it explicitly to 7.0.0 with the "exact version" in xcode, it worked instantly. nightmare is over hopefully ha
Hey everyone! I want to call out here that 9.0.0 is released and should fix this issue. I'll keep this thread open for this week in case the same issue persists, otherwise please submit a new issue.