AWS: NotAuthorizedException: Invalid login token. Incorrect token audience. (Service: AmazonCognitoIdentity


While using MobileHubConsole in AWS, I wanted to use Google+ SignIn through Android.

But I'm receiving this error:

06-25 23:30:02.819 17675-17675/com.xxxxxx.xxxu E/SignInActivity: Sign-in with Google caused an error.
com.amazonaws.mobile.auth.core.signin.CognitoAuthException: com.amazonaws.services.cognitoidentity.model.NotAuthorizedException: Invalid login token. Incorrect token audience. (Service: AmazonCognitoIdentity; Status Code: 400; Error Code: NotAuthorizedException; Request ID: 971e8ed4-78a1-11e8-8b4b-69de317f28ea)
    at com.amazonaws.mobile.auth.core.IdentityManager$SignInProviderResultAdapter.onCognitoError(IdentityManager.java:426)
    at com.amazonaws.mobile.auth.core.IdentityManager$SignInProviderResultAdapter.access$1000(IdentityManager.java:400)
    at com.amazonaws.mobile.auth.core.IdentityManager$3.run(IdentityManager.java:565)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:428)
    at java.util.concurrent.FutureTask.run(FutureTask.java:237)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
    at java.lang.Thread.run(Thread.java:760)
 Caused by: com.amazonaws.services.cognitoidentity.model.NotAuthorizedException: Invalid login token. Incorrect token audience. (Service: AmazonCognitoIdentity; Status Code: 400; Error Code: NotAuthorizedException; Request ID: 971e8ed4-78a1-11e8-8b4b-69de317f28ea)

I'm using the AWS-provided SignIn library:

aws-android-sdk-auth-ui

Integration in Android:

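```java
import android.app.Activity;
import android.util.Log;
import com.amazonaws.mobile.auth.ui.SignInUI;
import com.amazonaws.mobile.client.AWSMobileClient;
import com.amazonaws.mobile.client.AWSStartupHandler;
import com.amazonaws.mobile.client.AWSStartupResult;

// Inside LoginFragment: initialize the AWS client, then launch the sign-in UI.
AWSMobileClient.getInstance().initialize(getActivity(), new AWSStartupHandler() {
    @Override
    public void onComplete(AWSStartupResult awsStartupResult) {
        Activity activity = LoginFragment.this.getActivity();
        Log.e("SahajLOGOP", "Complete" + activity + "  ");
        // The fragment may already be detached when this callback fires.
        if (activity != null) {
            SignInUI signin = (SignInUI) AWSMobileClient.getInstance().getClient(activity, SignInUI.class);
            signin.login(activity, MainActivity.class).execute();
        }
    }
}).execute();
```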

awsconfiguration.json:

```json
{
  "UserAgent": "MobileHub/1.0",
  "Version": "1.0",
  "CredentialsProvider": {
    "CognitoIdentity": {
      "Default": {
        "PoolId": "ap-south-1---------",
        "Region": "ap-south-1"
      }
    }
  },
  "IdentityManager": {
    "Default": {}
  },
  "GoogleSignIn": {
    "ClientId-WebApp": "73699------------a4q.apps.googleusercontent.com",
    "Permissions": "email,profile,openid"
  }
}
```

[Screenshots: Federated Identity Pool - Google; Federated Identity Pool - OpenID; IAM Identity Providers; Mobile Hub Google SignIn]

Best answer

Okay, so finally I have solved the problem, and it was something which isn't mentioned anywhere on the internet.

My Android app is signed with my old desktop SHA-1 key.

So to log in, we need to have the Android Client ID key generated with the same key with which the app is signed.

And in the Google API console, Firebase used to handle this problem on its own by generating the correct one itself, but AWS is a third party, so I had to figure out the problem.

So this time I used the correct Android Client ID in AWS, the one with which the app is signed, and that solved the problem!

Here is what it looks like:

[screenshot]
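
A debugging aid for the audience mismatch discussed in this thread, added here as an example (it is not part of the original question or answer, and not AWS or Google code). It decodes an ID token's claims off-device and reports whether the `aud` or `azp` claim is among the client IDs registered with the Cognito identity pool. The token, the client IDs and all function names are constructed for this example.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo (not a real Google token)."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.constructed-signature"


def decode_jwt_payload(token: str) -> dict:
    """Decode the claims WITHOUT verifying the signature: debugging only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audience_report(token: str, registered_client_ids: set) -> dict:
    """Compare the token's aud/azp claims with the client IDs given to Cognito."""
    claims = decode_jwt_payload(token)
    aud = claims.get("aud")
    audiences = [] if aud is None else aud if isinstance(aud, list) else [aud]
    return {
        "iss": claims.get("iss"),
        "aud": audiences,
        "azp": claims.get("azp"),
        "aud_registered": any(a in registered_client_ids for a in audiences),
        "azp_registered": claims.get("azp") in registered_client_ids,
    }


# Constructed sample values; substitute the IDs from your own Google API console.
WEB_ID = "WEB-PLACEHOLDER.apps.googleusercontent.com"
ANDROID_ID = "ANDROID-PLACEHOLDER.apps.googleusercontent.com"
SAMPLE = make_sample_token(
    {"iss": "https://accounts.google.com", "aud": WEB_ID, "azp": ANDROID_ID}
)

if __name__ == "__main__":
    # Only a different client ID is registered: the mismatch the error reports.
    print(audience_report(SAMPLE, {"OTHER-PLACEHOLDER.apps.googleusercontent.com"}))
    print(audience_report(SAMPLE, {WEB_ID}))
```

Because the signature is never checked, use this only to inspect a token you obtained yourself while debugging, never to decide whether a caller is authenticated.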