There’s an important difference between App signing key certificate and Upload key certificate in Play Console:

• Upload key certificate: used by you to sign and upload your releases. Google uses it only to verify the source of the AAB.

• App signing key certificate: the key Google uses to re-sign your app for distribution. This is what actually runs on users’ devices.

If you use Play App Signing, you must register the App signing key SHA-1 in Google Cloud Console (OAuth 2.0 Android client) for Google Sign-In or One Tap to work.

If you’re not using Play App Signing and manually create your signing key, then your own key’s SHA-1 is what you register instead.

Steps to fix error 10:

1. Copy App signing key SHA-1 from Play Console → App Integrity

2. Paste it in Google Cloud → Credentials → OAuth client (Android)

3. Save and wait a few minutes

No code change or re-upload is needed(if you already created, otherwise please create a new one), the app will now authenticate correctly.