Fix the OAuth credential logic, and add support for OIDC (#4512)

* Fix oauth credential and test for OIDC

* Formatting

* Formatting

Author: sam-gc

packages-exp/auth-exp/src/core/providers/oauth.test.ts

@@ -78,6 +78,28 @@ describe('core/providers/oauth', () => {
     expect(OAuthProvider.credentialFromResult(userCred)).to.be.null;
   });
 
+  it('credentialFromResult works for oidc', async () => {
+    const auth = await testAuth();
+    const userCred = new UserCredentialImpl({
+      user: testUser(auth, 'uid'),
+      providerId: ProviderId.GOOGLE,
+      _tokenResponse: {
+        ...TEST_ID_TOKEN_RESPONSE,
+        pendingToken: 'pending-token',
+        oauthIdToken: 'id-token',
+        providerId: 'oidc.oidctest'
+      },
+      operationType: OperationType.SIGN_IN
+    });
+    const cred = OAuthProvider.credentialFromResult(userCred)!;
+    expect(cred.idToken).to.eq('id-token');
+    expect(cred.providerId).to.eq('oidc.oidctest');
+    expect(cred.signInMethod).to.eq('oidc.oidctest');
+    expect((cred.toJSON() as Record<string, string>).pendingToken).to.eq(
+      'pending-token'
+    );
+  });
+
   it('credentialFromError creates the cred from a tagged error', () => {
     const error = _createError(AuthErrorCode.NEED_CONFIRMATION, {
       appName: 'foo'

packages-exp/auth-exp/src/core/providers/oauth.ts

@@ -20,7 +20,7 @@ import { AuthProvider, UserCredential } from '../../model/public_types';
 import { _assert } from '../util/assert';
 import { AuthErrorCode } from '../errors';
 
-import { OAuthCredential } from '../credentials/oauth';
+import { OAuthCredential, OAuthCredentialParams } from '../credentials/oauth';
 import { UserCredentialInternal } from '../../model/user';
 import { FirebaseError } from '@firebase/util';
 import { TaggedWithTokenResponse } from '../../model/id_token';
@@ -146,12 +146,19 @@ export class OAuthProvider implements AuthProvider {
    * or the ID token string.
    */
   credential(params: OAuthCredentialOptions): OAuthCredential {
-    _assert(params.idToken && params.accessToken, AuthErrorCode.ARGUMENT_ERROR);
+    return this._credential(params);
+  }
+
+  /** An internal credential method that accepts more permissive options */
+  private _credential(
+    params: OAuthCredentialOptions | OAuthCredentialParams
+  ): OAuthCredential {
+    _assert(params.idToken || params.accessToken, AuthErrorCode.ARGUMENT_ERROR);
     // For OAuthCredential, sign in method is same as providerId.
     return OAuthCredential._fromParams({
+      ...params,
       providerId: this.providerId,
-      signInMethod: this.providerId,
-      ...params
+      signInMethod: this.providerId
     });
   }
 
@@ -261,10 +268,11 @@ export class OAuthProvider implements AuthProvider {
     }
 
     try {
-      return new OAuthProvider(providerId).credential({
+      return new OAuthProvider(providerId)._credential({
         idToken: oauthIdToken,
         accessToken: oauthAccessToken,
-        rawNonce: nonce
+        rawNonce: nonce,
+        pendingToken
       });
     } catch (e) {
       return null;

packages-exp/auth-exp/src/core/user/additional_user_info.ts

@@ -82,7 +82,7 @@ export function _fromIdTokenResponse(
 class GenericAdditionalUserInfo implements AdditionalUserInfo {
   constructor(
     readonly isNewUser: boolean,
-    readonly providerId: ProviderId | null,
+    readonly providerId: ProviderId | string | null,
     readonly profile: Record<string, unknown> = {}
   ) {}
 }

packages-exp/auth-exp/src/core/user/user_credential_impl.ts

@@ -25,15 +25,15 @@ import { AuthInternal } from '../../model/auth';
 
 interface UserCredentialParams {
   readonly user: UserInternal;
-  readonly providerId: ProviderId | null;
+  readonly providerId: ProviderId | string | null;
   readonly _tokenResponse?: PhoneOrOauthTokenResponse;
   readonly operationType: OperationType;
 }
 
 export class UserCredentialImpl
   implements UserCredentialInternal, UserCredentialParams {
   readonly user: UserInternal;
-  readonly providerId: ProviderId | null;
+  readonly providerId: ProviderId | string | null;
   readonly _tokenResponse: PhoneOrOauthTokenResponse | undefined;
   readonly operationType: OperationType;
 
@@ -81,7 +81,9 @@ export class UserCredentialImpl
   }
 }
 
-function providerIdForResponse(response: IdTokenResponse): ProviderId | null {
+function providerIdForResponse(
+  response: IdTokenResponse
+): ProviderId | string | null {
   if (response.providerId) {
     return response.providerId;
   }

packages-exp/auth-exp/src/model/id_token.ts

@@ -55,7 +55,7 @@ export interface IdTokenResponse {
   idToken?: IdToken;
   refreshToken?: string;
   expiresIn?: string;
-  providerId?: ProviderId;
+  providerId?: ProviderId | string;
 
   // Used in AdditionalUserInfo
   displayName?: string | null;