I know this is a common problem and I have read many articles about how to resolve but I am afraid that I am still stuck.
I would be very grateful for any help on this.
I have spent 10 hours so far trying out various settings.
I am showing unredacted details in my personal google account - this account will not be used for production - please tell me if this is a personal risk to myself.

I am working in Android Studio Otter 3

I am using the demo app net.openid.appauthdemo that is provided with the https://github.com/openid/AppAuth-Android library

I have only changed :

build.gradle(app)

AndroidManifest.xml

auth_config.json

Many of the end point settings have been gleaned from a tutorial

https://aster.cloud/2022/01/22/authenticating-on-android-with-the-appauth-library/

If I clear the data for the app then I am presented with a login screen to google.

After logging in (Start Authorization button) I receive the mismatch error message

Here are the settings I have entered for auth_config.json
{
  "client_id": "1068905132026-8r52fku688scud8l9i1lgekhc35eenik.apps.googleusercontent.com",
  "redirect_uri": "https://appauth.demo-app.io/oauth2redirect",
  "end_session_redirect_uri": "https://appauth.demo-app.io/oauth2redirectend",
  "authorization_scope": "openid email profile",
  "discovery_uri": "",
  "authorization_endpoint_uri": "https://accounts.google.com/o/oauth2/v2/auth",
  "token_endpoint_uri": "https://www.googleapis.com/oauth2/v4/token",
  "registration_endpoint_uri": "https://oauth-redirect.googleusercontent.com/r/buoyant-arena-485201-p5",
  "user_info_endpoint_uri": "https://www.googleapis.com/auth/userinfo",
  "end_session_endpoint": "https://accounts.google.com/o/oauth2/revoke",
  "https_required": true
}

Here is the only part of AndroidManifest.xml that I might have changed

        
            
                
                
                
                
            
        

This is the only part of build.gradle (module app) that I might have changed

android {
    namespace 'net.openid.appauthdemo'
    defaultConfig {
        applicationId 'net.openid.appauthdemo'
        project.archivesBaseName = 'appauth-demoapp'
        vectorDrawables.useSupportLibrary = true

        // Make sure this is consistent with the redirect URI used in res/raw/auth_config.json,
        // or specify additional redirect URIs in AndroidManifest.xml
        manifestPlaceholders = [
                'appAuthRedirectScheme': 'https://appauth.demo-app.io/oauth2redirect'
        ]
    }

Here is the debug certificate
(I am concerned that the Google ID platform requests the SHA-1 certificate fingerprint but in any examples the reference is to SHA-256)

PS C:\users\Tony\.android> keytool -keystore debug.keystore -list -v
Enter keystore password:  

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: androiddebugkey
Creation date: 17 Apr 2019
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Android Debug, O=Android, C=US
Issuer: CN=Android Debug, O=Android, C=US
Serial number: 198cc1a2
Valid from: Wed Apr 17 07:28:17 AWST 2019 until: Fri Apr 09 07:28:17 AWST 2049
Certificate fingerprints:
         SHA1: 7B:86:D1:7B:EA:41:22:3A:60:D2:F6:72:B0:7A:57:FA:56:1F:8E:8F
         SHA256: 33:06:4F:59:8C:FA:BC:EC:3C:49:41:DC:39:09:EF:25:0C:2D:96:BD:1E:79:F5:CE:76:0F:96:B6:60:83:5F:45
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions: 

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 92 FD 58 F0 2C 26 4B B1   0E CB 41 A7 D2 B7 B1 75  ..X.,&K...A....u
0010: 3E 30 4A 56                                        >0JV
]
]

Here is the web client I have set up on the Google Cloud Platform in order to enter the redirect uri

Here is the android client id I have set up in the Google Cloud Platform.
The redirect uri cannot be entered for an Android ClientId