Why does Google Sign-In fail on mobile browsers but work on desktop?

Mobile browsers (especially Safari on iOS) have extremely strict policies against popups triggered outside of direct user interaction. Ensure `signInWithPopup` is called directly inside the `onClick` handler of your button, without wrapping it in an asynchronous `setTimeout` or waiting for a slow API call first.

I added my domain to Firebase, but it's still failing. What next?

Changes to the Google Cloud OAuth client can take up to 5-10 minutes to propagate globally. Wait a few minutes, clear your browser cache, and try again. Also ensure you added both the `www` and non-`www` versions of your domain.

Fix Firebase Google Sign-In Not Working in Production

Quick Answer

“Google Sign-In failures in production are almost always caused by missing authorized domains in Firebase or missing OAuth origins in Google Cloud Console. To fix this, manually add your production domain to both Firebase Console and the Google Cloud Console Credentials page.”

Similar Error Patterns

FirebaseError: Firebase: Error (auth/unauthorized-domain).

FirebaseError: Firebase: Error (auth/popup-closed-by-user).

Error 400: redirect_uri_mismatch

The domain is not authorized for OAuth operations for your Firebase project.

Are You Seeing This?

Popup closes immediately after opening
Works on localhost but fails on production domain
User is stuck on a blank popup screen
Auth loop back to login after successful Google select

Google Sign-In via Firebase is one of the easiest OAuth providers to implement locally. You call `signInWithPopup`, and it just works.

However, pushing to production introduces strict security layers designed to prevent credential hijacking. If you miss a single domain whitelist or fingerprint hash, the OAuth popup will abruptly close, leaving the user with an obscure `auth/popup-closed-by-user` or `auth/unauthorized-domain` error. As a debugging engineer, here is the exact checklist I use to rescue broken OAuth deployments.

TL;DR: How to fix Google Sign-In failures in Production

11. Add your exact production domain (e.g., `app.yourdomain.com`) to the 'Authorized domains' list in Firebase Console > Authentication > Settings.
22. Go to Google Cloud Console > APIs & Services > Credentials. Add your domain to 'Authorized JavaScript origins' and 'Authorized redirect URIs'.
33. For mobile wrappers (Flutter/React Native), ensure your production SHA-1 and SHA-256 fingerprints are added to your Firebase Android app settings.
44. Ensure third-party cookies are not being blocked by aggressive browser shields (e.g., Brave) without a fallback to `signInWithRedirect`.

Root Causes

Unlisted Firebase Authorized Domains

Firebase explicitly blocks authentication requests originating from domains it doesn't recognize. Localhost is whitelisted by default, which is why your dev environment works flawlessly. When deployed to a `.vercel.app` or custom domain, Firebase will reject the request if the domain isn't manually added.

Firebase: Error (auth/unauthorized-domain).

Google Cloud Console Mismatches

Firebase Authentication relies on Google Cloud Platform (GCP) under the hood. Even if Firebase knows your domain, the underlying GCP OAuth Client ID might not. The 'Authorized JavaScript origins' and 'Authorized redirect URIs' must be perfectly synced.

Cross-Origin / Third-Party Cookie Blocking

Browsers like Safari (ITP) and Brave aggressively block cross-site cookies. The `signInWithPopup` method relies on cross-origin communication between your app and Google's auth servers. If blocked, the popup crashes instantly without passing back the token.

Step-by-Step Fix Guide

Whitelist the Domain in Firebase

Navigate to your Firebase Console. Go to Authentication -> Settings -> Authorized domains.

Click 'Add domain'.
Enter your production domain (e.g., `my-app.com`). Do not include `https://` or trailing slashes.
If using Vercel preview branches, you may need to whitelist the overarching Vercel URL structure or specific preview URLs.

Sync with Google Cloud Console

Firebase usually syncs domains to GCP automatically, but it can fail. Manually verify the OAuth client.

Go to console.cloud.google.com.
Select your Firebase project.
Navigate to APIs & Services -> Credentials -> OAuth 2.0 Client IDs (Web client).
Add your domain to both 'Authorized JavaScript origins' and 'Authorized redirect URIs'.

Implement signInWithRedirect Fallback

To prevent browser-level blocking of popups, safely fall back to a full-page redirect if the popup fails.

try {
  await signInWithPopup(auth, googleProvider);
} catch (error) {
  if (error.code === 'auth/popup-blocked') {
    // Fallback for strict browsers like Safari
    await signInWithRedirect(auth, googleProvider);
  }
}

OAuth Failing in Production?

Users can't sign in? Don't lose conversions to a misconfigured redirect URI. I can audit your Firebase and Google Cloud setup to fix this instantly.

Get Immediate OAuth Support

Related Errors

auth/popup-closed-by-user
Often a false positive. The user didn't close it; the browser's security policy or an unauthorized domain caused the popup window to immediately self-destruct.
Error 400: redirect_uri_mismatch
The exact URL where the user is authenticating does not match the 'Authorized redirect URIs' in Google Cloud Console.

Prevention Strategy

Create a standard operating procedure (SOP) for deployments. Every time you purchase a new domain or generate a staging environment, updating Firebase/GCP Authorized Domains must be step 1.
Always test authentication in a clean Incognito window or a browser with strict privacy settings (like Brave or Safari) before declaring a sprint finished.

Still Stuck With This Issue?

Send your exact error message or deployment issue. I'll respond with a targeted fix.

Need a Deeper Fix?

Describe your full project issue below and I'll get back to you with a targeted fix.

Why Google Sign-In Fails in Production (And How to Fix It)