Google error 401 - The server cannot process the request because it is malformed. It should not be retried. #1111

@jhon-hst

Google 401 Malformed Request on Android when adding new account (Cognito + Google Sync)

Description

I'm experiencing a 401 Malformed Request error specifically on Android when using AWS Cognito as an Identity Provider with Google.

The issue occurs only when the device has Google account synchronization active and the user attempts to add a new Google account during the sign-in process.

Steps to Reproduce

  1. Trigger the login flow using authorize with Google/Cognito.
  2. When the Google account selector appears, instead of picking an existing account, select "Add another account".
  3. Complete the Android system's native verification (fingerprint/PIN).
  4. Enter the new account credentials.
  5. The Android system displays a native "Terms and Conditions" / "Google Play Services" acceptance screen.
  6. After accepting, instead of redirecting back to the app/Cognito, the browser displays a Google 401 error.

Observations

  • The issue does not happen if an existing account from the list is selected.
  • The issue does not happen on iOS.
  • Other providers (Microsoft, Apple) work perfectly.
  • The redirected URL in the browser shows authuser=unknown, suggesting the session context is lost when the Android System Assistant takes over the UI focus.

Error URL (Redacted)

https://accounts.google.com/signin/oauth/consent?authuser=unknown&part=...&flowName=GeneralOAuthFlow&client_id=REDACTED.apps.googleusercontent.com&requestPath=%2Fsignin%2Foauth%2Fconsent#

Code Snippet

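```javascript
import { authorize } from 'react-native-app-auth';

// COGNITO_URL, CLIENT_ID and REDIRECT_URL are defined elsewhere in the app.
const socialConfig = {
  serviceConfiguration: {
    authorizationEndpoint: `https://${COGNITO_URL}/oauth2/authorize`,
    tokenEndpoint: `https://${COGNITO_URL}/oauth2/token`,
  },
  clientId: CLIENT_ID,
  redirectUrl: REDIRECT_URL,
  scopes: ['email', 'openid', 'profile'],
  additionalParameters: {
    // Route straight to the Google IdP and force the account chooser.
    identity_provider: 'Google',
    prompt: 'select_account',
  },
  usePKCE: true,
};

// Called from inside an async function.
const result = await authorize(socialConfig);
```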

Environment

  • Identity Provider: Cognito
  • Platform experiencing the issue on: Android
  • React Native Version: 0.83.1
  • react-native-app-auth Version: 8.1.0
  • Platform: Android (tested on API 36)
  • Device: Physical device with Google Sync active.
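
A small triage helper for the flow described in this issue, added here as an example and not part of the original report or of react-native-app-auth: it classifies URLs copied from the browser during a repro and reports at which hop the sign-in stopped. The Cognito host, the redirect URL and the sample URL lists are constructed placeholders.

```javascript
// Constructed placeholders, not values from the report.
const COGNITO_HOST = 'example.auth.us-east-1.amazoncognito.com';
const REDIRECT_URL = 'com.example.app://oauth/callback';

// Classify one URL seen during sign-in and list anything suspicious about it.
function classifyHop(rawUrl) {
  let url;
  try { url = new URL(rawUrl); } catch { return { hop: 'unparseable', findings: ['not a valid URL'] }; }
  const q = url.searchParams;
  const findings = [];
  if (url.host === COGNITO_HOST && url.pathname === '/oauth2/authorize') {
    if (!q.get('state')) findings.push('authorize request has no state');
    if (!q.get('code_challenge')) findings.push('authorize request has no PKCE code_challenge');
    return { hop: 'cognito-authorize', findings };
  }
  if (url.host === 'accounts.google.com') {
    if (q.get('authuser') === 'unknown') findings.push('authuser=unknown, as in the report');
    return { hop: 'google', findings };
  }
  if (rawUrl.startsWith(REDIRECT_URL)) {
    if (q.get('error')) findings.push(`redirect carries error=${q.get('error')}`);
    else if (!q.get('code')) findings.push('redirect has no authorization code');
    if (!q.get('state')) findings.push('redirect has no state');
    return { hop: 'app-redirect', findings };
  }
  return { hop: 'other', findings };
}

// Report where a sequence of URLs stopped and every finding along the way.
function diagnose(urls) {
  const hops = urls.map(classifyHop);
  const last = hops[hops.length - 1] || { hop: 'none', findings: [] };
  return {
    completed: last.hop === 'app-redirect' && last.findings.length === 0,
    stoppedAt: last.hop,
    findings: hops.flatMap((h) => h.findings),
  };
}

// Constructed sample: the failing path (consent URL shortened from the report).
const FAILED_FLOW = [
  `https://${COGNITO_HOST}/oauth2/authorize?response_type=code&client_id=CLIENT_ID&state=s1&code_challenge=c1&code_challenge_method=S256&identity_provider=Google&prompt=select_account`,
  'https://accounts.google.com/signin/oauth/consent?authuser=unknown&flowName=GeneralOAuthFlow&client_id=REDACTED.apps.googleusercontent.com',
];
// Constructed sample: a flow that returns to the app with code and state.
const OK_FLOW = [FAILED_FLOW[0], `${REDIRECT_URL}?code=abc&state=s1`];

console.log(diagnose(FAILED_FLOW), diagnose(OK_FLOW));
```

Strip `code`, `state` and any tokens from real URLs before pasting them into an issue tracker, as the report does with `client_id`.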
