Google Cloud Console Android OAuth credentials (for Google Sign-In) require the SHA-1 certificate fingerprint, not SHA-256. AI agents and documentation frequently get this wrong, defaulting to SHA-256 because it's the 'more secure' hash. Using SHA-256 creates the credential without error but Google Sign-In fails silently at runtime on the device.
Correct command:
keytool -list -v -keystore ~/.android/debug.keystore -alias androiddebugkey -storepass android | grep SHA1The -v flag prints both SHA1 and SHA256 lines. Only the SHA1 line is what Google Cloud Console wants for the Android credential type.
Google Cloud Console Android OAuth credentials require SHA-1 fingerprints, not SHA-256. When running keytool -list -v, use the SHA1: line. The SHA-256 fingerprint from the same output is for a different purpose (Play Store app signing verification). This applies to both debug and release keystores. The error is especially insidious because Google Cloud Console accepts SHA-256 without complaint — the failure only surfaces at runtime as a sign-in error on the device.