Getting "16: Cannot find a matching credential" when doing One Tap sign-in and sign-up on Android

Issue

I have been following the guide for setting up One Tap sign-in and sign-up on Android, and have used the example code to set up the One Tap client, but every time I call oneTapClient.beginSignIn(signInRequest) I get a callback to OnFailureListener's onFailure():

com.google.android.gms.common.api.ApiException: 16: Cannot find a matching credential.
    at com.google.android.gms.common.api.internal.TaskUtil.setResultOrApiException(com.google.android.gms:play-services-base@@17.2.1:6)
    at com.google.android.gms.internal.auth-api.zzaj.zzc(com.google.android.gms:play-services-auth@@18.0.0:2)
    at com.google.android.gms.internal.auth-api.zzaa.dispatchTransaction(com.google.android.gms:play-services-auth@@18.0.0:6)
    at com.google.android.gms.internal.auth-api.zzc.onTransact(com.google.android.gms:play-services-auth@@18.0.0:13)
    at android.os.Binder.execTransactInternal(Binder.java:1021)
    at android.os.Binder.execTransact(Binder.java:994)

What does this mean? Why am I getting this? I'm sure I must have missed something somewhere in the setup.

Solution

There are actually several different cases where you would give this same error message

Case #1

I was sure I had uploaded the SHA-1 signature of my debug certificate, but that was not case.

The documentation states this:

On the Credentials page, create an Android client ID for your app if you don't already have one. You will need to specify your app's package name and SHA-1 signature.

In practice you need to go to the mentioned page and create an OAuth Client ID and get the SHA-1 with the good old keytool -list -v -keystore ~/.android/debug.keystore -alias androiddebugkey -storepass android -keypass android.

Case #2

For some reason the same error code and error message will also be used if you specify setFilterByAuthorizedAccounts(true) and you as a user don't have any Google accounts that are already authorized to sign in to your application.

As specified in the documentation linked in the question you could first use setFilterByAuthorizedAccounts(true) to help the user pick the same account as the last time and then setFilterByAuthorizedAccounts(false) to make it possible to create a new user for the app.

Case #3

The user is not logged in with any Google accounts on the device.

Answered By - Roy Solberg