update for changes in signiture

etc/firebase-admin.api.md

@@ -208,15 +208,23 @@ export namespace auth {
     export interface MultiFactorUpdateSettings {
         enrolledFactors: UpdateMultiFactorInfoRequest[] | null;
     }
+    export interface OAuthResponseType {
+        code?: boolean;
+        idToken?: boolean;
+    }
     export interface OIDCAuthProviderConfig extends AuthProviderConfig {
         clientId: string;
+        clientSecret?: string;
         issuer: string;
+        responseType?: OAuthResponseType;
     }
     export interface OIDCUpdateAuthProviderRequest {
         clientId?: string;
+        clientSecret?: string;
         displayName?: string;
         enabled?: boolean;
         issuer?: string;
+        responseType?: OAuthResponseType;
     }
     export interface PhoneIdentifier {
         // (undocumented)

src/auth/auth-config.ts

@@ -816,15 +816,19 @@ export class OIDCConfig implements OIDCAuthProviderConfig {
                 `"OIDCAuthProviderConfig.responseType.${responseTypeKey}" must be a boolean.`,
               );
             }
-            idTokenType = options.responseType && options.responseType.idToken;
+            if (options.responseType && options.responseType.idToken) {
+              idTokenType = options.responseType.idToken;
+            }
           } else if (responseTypeKey == 'code') {
             if (!validator.isBoolean(options.responseType.code)) {
               throw new FirebaseAuthError(
                 AuthClientErrorCode.INVALID_ARGUMENT,
                 `"OIDCAuthProviderConfig.responseType.${responseTypeKey}" must be a boolean.`,
               );
             }
-            codeType = options.responseType && options.responseType.code;
+            if (options.responseType && options.responseType.code) {
+              codeType = options.responseType.code;
+            }
           }
         }
       }
@@ -889,7 +893,6 @@ export class OIDCConfig implements OIDCAuthProviderConfig {
     } else {
       const responseType = {
         idToken: true,
-        code: false,
       }
       this.responseType = responseType;
     }

src/auth/index.ts

@@ -1292,21 +1292,20 @@ export namespace auth {
   /**
    * The interface representing OIDC provider's response object for OAuth
    * authorization flow.
-   * We need either one of them or both true. There are three different cases:
-   * If idToken true, code false, then we are doing hybrid flow.
-   * If idToken false, code true, then we are doing code flow.
-   * If idToken true, code true, then we are doing idToken flow.
+   * We need either of them to be true, there are two cases:
+   * If set code to true, then we are doing code flow.
+   * If set idToken to true, then we are doing idToken flow.
    */
   export interface OAuthResponseType {
     /**
      * Whether ID token is returned from IdP's authorization endpoint.
      */ 
-    idToken: boolean;
+    idToken?: boolean;
 
     /**
      * Whether authorization code is returned from IdP's authorization endpoint.
      */
-    code: boolean;
+    code?: boolean;
   }
 
   /**

test/integration/auth.spec.ts

@@ -1648,7 +1648,6 @@ describe('admin.auth', () => {
       clientId: 'CLIENT_ID1',
       responseType: {
         idToken: true,
-        code: false,
       },
     };
     const authProviderConfig2 = {
@@ -1659,7 +1658,6 @@ describe('admin.auth', () => {
       clientId: 'CLIENT_ID2',
       clientSecret: 'CLIENT_SECRET',
       responseType: {
-        idToken: false,
         code: true,
       },
     };
@@ -1728,8 +1726,8 @@ describe('admin.auth', () => {
         });
     });
 
-    it('updateProviderConfig() successfully overwrites an OIDC config', () => {
-      const modifiedConfigOptions = {
+    it('updateProviderConfig() successfully partially modifies an OIDC config', () => {
+      const deltaChanges = {
         displayName: 'OIDC_DISPLAY_NAME3',
         enabled: false,
         issuer: 'https://oidc.com/issuer3',
@@ -1740,34 +1738,15 @@ describe('admin.auth', () => {
           code: true,
         },
       };
-      return admin.auth().updateProviderConfig(authProviderConfig1.providerId, modifiedConfigOptions)
-        .then((config) => {
-          const modifiedConfig = deepExtend(
-            { providerId: authProviderConfig1.providerId }, modifiedConfigOptions);
-          assertDeepEqualUnordered(modifiedConfig, config);
-        });
-    });
-
-    it('updateProviderConfig() successfully partially modifies an OIDC config', () => {
-      const deltaChanges = {
-        displayName: 'OIDC_DISPLAY_NAME4',
-        issuer: 'https://oidc.com/issuer4',
-        clientSecret: '',
-        responseType: {
-          idToken: true,
-          code: false,
-        },
-      };
       // Only above fields should be modified.
       const modifiedConfigOptions = {
-        displayName: 'OIDC_DISPLAY_NAME4',
+        displayName: 'OIDC_DISPLAY_NAME3',
         enabled: false,
-        issuer: 'https://oidc.com/issuer4',
+        issuer: 'https://oidc.com/issuer3',
         clientId: 'CLIENT_ID3',
-        clientSecret: '',
+        clientSecret: 'CLIENT_SECRET',
         responseType: {
-          idToken: true,
-          code: false,
+          code: true,
         },
       };
       return admin.auth().updateProviderConfig(authProviderConfig1.providerId, deltaChanges)

test/unit/auth/auth-config.spec.ts

@@ -741,7 +741,6 @@ describe('OIDCConfig', () => {
     enabled: true,
     clientSecret: 'CLIENT_SECRET',
     responseType: {
-      idToken: false,
       code: true,
     },
   };
@@ -790,7 +789,6 @@ describe('OIDCConfig', () => {
 
     it('should set readonly property expected responseType', () => {
       const expectedResponseType = {
-        idToken: false,
         code: true,
       };
       expect(config.responseType).to.deep.equal(expectedResponseType);
@@ -801,7 +799,6 @@ describe('OIDCConfig', () => {
       delete serverResponse.responseType;
       const expectedResponseType = {
         idToken: true,
-        code: false,
       };
       const testConfig = new OIDCConfig(serverResponse);
       expect(testConfig.responseType).to.deep.equal(expectedResponseType);
@@ -871,7 +868,6 @@ describe('OIDCConfig', () => {
         clientId: 'CLIENT_ID',
         clientSecret: 'CLIENT_SECRET',
         responseType: {
-          idToken: false,
           code: true,
         },
       });
@@ -887,12 +883,22 @@ describe('OIDCConfig', () => {
       const updateRequest: OIDCUpdateAuthProviderRequest = {
         clientId: 'CLIENT_ID',
         displayName: 'OIDC_PROVIDER_DISPLAY_NAME',
+        clientSecret: 'CLIENT_SECRET',
+        responseType: {
+          idToken: false,
+          code: true,
+        }
       };
       const updateServerRequest: OIDCConfigServerRequest = {
         clientId: 'CLIENT_ID',
         displayName: 'OIDC_PROVIDER_DISPLAY_NAME',
         issuer: undefined,
         enabled: undefined,
+        clientSecret: 'CLIENT_SECRET',
+        responseType: {
+          idToken: false,
+          code: true,
+        }
       };
       expect(OIDCConfig.buildServerRequest(updateRequest, true)).to.deep.equal(updateServerRequest);
     });