6

I have added a custom OIDC Provider to my Google Identity Platform. I can successfully authenticate with it, so I know it's not an issue with the provider configs, but for some reason when I try to add additional scopes to the token request the new scopes do not appear in the request URL. In the code block below, I see the OAuthProvider object showing the additional scopes I added before requesting the signInWithPopup. But after this request, when I validate the token I received, it only has the 'oidc' scope, and the additional scopes do not appear in the URL of the popup. Am I missing some additional step, or do additional scopes not work with custom OIDC providers in Firebase Auth?

    // Custom OIDC provider registered in Identity Platform under the id "oidc.twitch"
    const twitch = new firebase.auth.OAuthProvider('oidc.twitch');
    twitch.addScope('moderation:read');
    twitch.addScope('user:edit');
    console.log(twitch); // This shows the additional scopes requested
    const user = await this.auth.signInWithPopup(twitch); // This URL only shows the oidc scope
    console.log(user); // This user token does not have any additional scopes

Any help or confirmation is appreciated before I have to go roll my own auth. Thanks,

joed4no

2 Answers

0

Using a redirect.

firebase.auth().getRedirectResult().then(function(result) {
  if (result.credential) {
    // This gives you the OAuth Access Token for that provider.
    var token = result.credential.accessToken;
  }
  var user = result.user;
});

// Start a sign in process for an unauthenticated user.
var provider = new firebase.auth.OAuthProvider('google.com');
provider.addScope('profile');
provider.addScope('email');
firebase.auth().signInWithRedirect(provider);

Using a popup.

var provider = new firebase.auth.OAuthProvider('google.com');
provider.addScope('profile');
provider.addScope('email');
firebase.auth().signInWithPopup(provider).then(function(result) {
 // This gives you the OAuth Access Token for that provider.
 var token = result.credential.accessToken;
 // The signed-in user info.
 var user = result.user;
});

0

It seems Google Identity Platform only passes the scopes defined in the openid-configuration `scopes_supported` field. But I think it should not be like that, in order to provide the functionality.

{
 ...
 "scopes_supported": [
  "openid",
  "email",
  "profile"
 ],
 ...
}

Examples:
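The following is an added example, not code from the question or from either answer. It takes the second answer's observation (that only scopes advertised in the provider's `scopes_supported` survive) as a premise and shows how to check, offline, which of the scopes you pass to `addScope()` would be dropped for a given discovery document, how the `scope` query parameter would look for the scopes that remain, and how to read the `scope` parameter back out of the popup URL to confirm what was really sent. The discovery document, issuer URL, client id and redirect URI are constructed placeholders, not Twitch's or Identity Platform's real values.

```javascript
// Added example: scope check against an OIDC discovery document.
// Premise (from the second answer, assumed here, not verified): the scopes
// actually sent to the provider are the intersection of what addScope()
// requested and what the discovery document advertises in scopes_supported.

// Constructed sample discovery document, modelled on the fragment in the answer.
// A real one is fetched from <issuer>/.well-known/openid-configuration.
const DISCOVERY_DOC = {
  issuer: "https://id.example.com",                        // placeholder
  authorization_endpoint: "https://id.example.com/oauth2/authorize",
  scopes_supported: ["openid", "email", "profile"],
};

// The scopes the question's code asked for, plus openid which any OIDC flow needs.
const REQUESTED = ["openid", "moderation:read", "user:edit"];

// Where to fetch the discovery document for a given issuer (OIDC Discovery spec path).
function discoveryUrl(issuer) {
  return issuer.replace(/\/+$/, "") + "/.well-known/openid-configuration";
}

// Split requested scopes into those the provider advertises and those it does not.
function checkScopes(discoveryDoc, requested) {
  const supported = new Set(discoveryDoc.scopes_supported || []);
  const granted = requested.filter((s) => supported.has(s));
  const dropped = requested.filter((s) => !supported.has(s));
  return { granted, dropped };
}

// Build an authorization URL the way an OIDC client would, carrying only the
// scopes that survived the check, so the effect is visible in the scope parameter.
function buildAuthorizeUrl(discoveryDoc, requested, clientId, redirectUri, state) {
  const { granted } = checkScopes(discoveryDoc, requested);
  const url = new URL(discoveryDoc.authorization_endpoint);
  url.searchParams.set("response_type", "code");
  url.searchParams.set("client_id", clientId);
  url.searchParams.set("redirect_uri", redirectUri);
  url.searchParams.set("scope", granted.join(" "));
  url.searchParams.set("state", state);
  return url.toString();
}

// Read the scope list back out of a popup/redirect URL copied from the browser,
// which is the quickest way to confirm what was actually requested.
function scopesInUrl(urlString) {
  const scope = new URL(urlString).searchParams.get("scope") || "";
  return scope.split(/\s+/).filter(Boolean);
}

// Walk through the question's situation with the constructed document.
const result = checkScopes(DISCOVERY_DOC, REQUESTED);
console.log("discovery document:", discoveryUrl(DISCOVERY_DOC.issuer));
console.log("granted:", result.granted);   // ["openid"]
console.log("dropped:", result.dropped);   // ["moderation:read", "user:edit"]
const authUrl = buildAuthorizeUrl(
  DISCOVERY_DOC, REQUESTED, "client-id-placeholder",
  "https://app.example.com/__/auth/handler", "state-placeholder");
console.log("scope param actually sent:", scopesInUrl(authUrl));
```

To use this against your own provider, fetch `discoveryUrl(issuer)` in the browser or with curl, paste the JSON in place of `DISCOVERY_DOC`, and compare `dropped` with the scopes missing from the popup URL; if they match, the provider's advertised scope list, not the Firebase client, is what needs attention.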