Improve Google Android login error diagnostics.

Preserve the underlying Google token validation failure and log safe request context so ID token issues are easier to debug.

Co-authored-by: Cursor <cursoragent@cursor.com>

internal/services/authentication/google.go

@@ -106,7 +106,7 @@ func (s *Service) LoginWithGoogleAndroid(
 
 	payload, err := idtoken.Validate(ctx, idToken, clientID)
 	if err != nil {
-		return domain.LoginSuccess{}, errors.New("invalid google id token")
+		return domain.LoginSuccess{}, fmt.Errorf("invalid google id token: %w", err)
 	}
 
 	email, _ := payload.Claims["email"].(string)

internal/web_server/handlers/auth_handler.go

@@ -51,6 +51,11 @@ func (h *Handler) GoogleAndroidLogin(c *fiber.Ctx) error {
 
 	loginRes, err := h.authSvc.LoginWithGoogleAndroid(c.Context(), req.IDToken, h.Cfg.GoogleOAuthClientID)
 	if err != nil {
+		h.mongoLoggerSvc.Error("Google Android login failed",
+			zap.Error(err),
+			zap.Int("id_token_length", len(req.IDToken)),
+			zap.Bool("google_client_id_configured", h.Cfg.GoogleOAuthClientID != ""),
+		)
 		return c.Status(fiber.StatusUnauthorized).JSON(domain.ErrorResponse{
 			Message: "Google login failed",
 			Error:   err.Error(),