I need some assistance setting up OIDC auth in Google's Identity Platform. I have setup Oauth2 authentication before, but this is slightly different, and I feel like I'm missing something basic, and that's why it's not working. I'm following the instructions here. Using these, I've setup the provider to look similar to this:
Then underneath that it specifies as a redirect: https://my-fancy-project.firebaseapp.com/__/auth/handler. The issuer has an appropriate .well-known/openid-configuration
So, on the Sandbox I'm working in, I've setup a new application for oauth2, received the clientId (seen in the image above as 12345-67890-abcdef-ghijklm), and specifying the redirect URL for the application to be https://my-fancy-project.firebaseapp.com/__/auth/handler.
In my Flutter application, I call the following method in my dart code:
Future<void> request(Uri fhirCallback) async {
await Firebase.initializeApp(options: DefaultFirebaseOptions.currentPlatform);
firebaseAuth.FirebaseAuth auth = firebaseAuth.FirebaseAuth.instance;
final provider = firebaseAuth.OAuthProvider('oidc.brand-new-auth');
// provider.setScopes(['openid', 'profile', 'fhirUser']);
final res1 = await auth.signInWithPopup(provider);
}
Which launches a popup window, thinks for a moment, closes, and then gives the following error message:
POST https://identitytoolkit.googleapis.com/v1/accounts:signInWithIdp?key=alphanumeric-string 400
[firebase_auth/invalid-credential] Error getting verification code from oidc.brand-new-auth
response: error=unsupported_response_type&state=another-string_of-alphanumeric-characters-here
js_primitives.dart:30 dart-sdk/lib/_internal/js_dev_runtime/private/ddc_runtime/errors.dart 266:49 throw_
packages/firebase_auth_web/firebase_auth_web.dart 375:7 signInWithPopup
dart-sdk/lib/_internal/js_dev_runtime/patch/async_patch.dart 60:31 <fn>
dart-sdk/lib/async/zone.dart 1658:54 runBinary
dart-sdk/lib/async/future_impl.dart 162:22 handleError
dart-sdk/lib/async/future_impl.dart 778:46 handleError
dart-sdk/lib/async/future_impl.dart 799:13 _propagateToListeners
dart-sdk/lib/async/future_impl.dart 574:5 [_completeError]
dart-sdk/lib/async/future_impl.dart 665:7 callback
dart-sdk/lib/async/schedule_microtask.dart 40:11 _microtaskLoop
dart-sdk/lib/async/schedule_microtask.dart 49:5 _startMicrotaskLoop
dart-sdk/lib/_internal/js_dev_runtime/patch/async_patch.dart 166:15 <fn>
But for this kind of authentication I'm not specifically setting the response type, so I'm not sure how to fix this error.
Oh, and if I try instead to go with Code Flow instead of Implicit Flow (id_token), generating the secret key for the app and copying it into the Provider, then when I try and authenticate I recieve:
[firebase_auth/invalid-credential] The supplied auth credential is malformed or has expired.
js_primitives.dart:30 dart-sdk/lib/_internal/js_dev_runtime/private/ddc_runtime/errors.dart 266:49 throw_
packages/firebase_auth_web/firebase_auth_web.dart 375:7 signInWithPopup
dart-sdk/lib/_internal/js_dev_runtime/patch/async_patch.dart 60:31 <fn>
dart-sdk/lib/async/zone.dart 1658:54 runBinary
dart-sdk/lib/async/future_impl.dart 162:22 handleError
dart-sdk/lib/async/future_impl.dart 778:46 handleError
dart-sdk/lib/async/future_impl.dart 799:13 _propagateToListeners
dart-sdk/lib/async/future_impl.dart 574:5 [_completeError]
dart-sdk/lib/async/future_impl.dart 665:7 callback
dart-sdk/lib/async/schedule_microtask.dart 40:11 _microtaskLoop
dart-sdk/lib/async/schedule_microtask.dart 49:5 _startMicrotaskLoop
dart-sdk/lib/_internal/js_dev_runtime/patch/async_patch.dart 166:15 <fn>
Does anyone see anything obvious that I'm doing wrong with my setup?
