fix(firebase_auth): Allow rawNonce to be passed through on web via …

…the `OAuthCredential`. (#8410)
firebase · Apr 7, 2022 · 0df32f6 · 0df32f6
1 parent 4336e04
commit 0df32f6
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 13 deletions.
diff --git a/packages/firebase_auth/firebase_auth_web/lib/src/interop/auth.dart b/packages/firebase_auth/firebase_auth_web/lib/src/interop/auth.dart
@@ -836,8 +836,8 @@ class OAuthProvider extends AuthProvider<auth_interop.OAuthProviderJsImpl> {
   /// Creates a credential for Google.
   /// At least one of [idToken] and [accessToken] is required.
   auth_interop.OAuthCredential credential(
-          [String? idToken, String? accessToken]) =>
-      jsObject.credential(idToken, accessToken);
+          auth_interop.OAuthCredentialOptions credentialOptions) =>
+      jsObject.credential(credentialOptions);
 }
 
 /// Twitter auth provider.

diff --git a/packages/firebase_auth/firebase_auth_web/lib/src/interop/auth_interop.dart b/packages/firebase_auth/firebase_auth_web/lib/src/interop/auth_interop.dart
@@ -221,6 +221,31 @@ abstract class OAuthCredential extends AuthCredential {
   external String get secret;
 }
 
+/// Defines the options for initializing an firebase.auth.OAuthCredential.
+/// For ID tokens with nonce claim, the raw nonce has to also be provided.
+
+@JS()
+@anonymous
+class OAuthCredentialOptions {
+  /// The OAuth access token used to initialize the OAuthCredential.
+  external String get accessToken;
+  external set accessToken(String a);
+
+  /// The OAuth ID token used to initialize the OAuthCredential.
+  external String get idToken;
+  external set idToken(String i);
+
+  /// The raw nonce associated with the ID token. It is required when an ID token with a nonce field is provided.
+  /// The SHA-256 hash of the raw nonce must match the nonce field in the ID token.
+  external String get rawNonce;
+  external set rawNonce(String r);
+  external factory OAuthCredentialOptions({
+    String? accessToken,
+    String? idToken,
+    String? rawNonce,
+  });
+}
+
 @JS('AuthProvider')
 @anonymous
 abstract class AuthProviderJsImpl {
@@ -279,7 +304,7 @@ class OAuthProviderJsImpl extends AuthProviderJsImpl {
   external OAuthProviderJsImpl setCustomParameters(
     dynamic customOAuthParameters,
   );
-  external OAuthCredential credential([String? idToken, String? accessToken]);
+  external OAuthCredential credential(OAuthCredentialOptions credentialOptions);
 }
 
 @JS('TwitterAuthProvider')

diff --git a/packages/firebase_auth/firebase_auth_web/lib/src/utils/web_utils.dart b/packages/firebase_auth/firebase_auth_web/lib/src/utils/web_utils.dart
@@ -260,13 +260,6 @@ auth_interop.OAuthCredential? convertPlatformCredential(
     );
   }
 
-  if (credential is OAuthCredential) {
-    return auth_interop.OAuthProvider(credential.providerId).credential(
-      credential.idToken,
-      credential.accessToken,
-    );
-  }
-
   if (credential is TwitterAuthCredential) {
     return auth_interop.TwitterAuthProvider.credential(
       credential.accessToken!,
@@ -282,10 +275,14 @@ auth_interop.OAuthCredential? convertPlatformCredential(
   }
 
   if (credential is OAuthCredential) {
-    return auth_interop.OAuthProvider(credential.providerId).credential(
-      credential.idToken,
-      credential.accessToken,
+    auth_interop.OAuthCredentialOptions credentialOptions =
+        auth_interop.OAuthCredentialOptions(
+      accessToken: credential.accessToken,
+      rawNonce: credential.rawNonce,
+      idToken: credential.idToken,
     );
+    return auth_interop.OAuthProvider(credential.providerId)
+        .credential(credentialOptions);
   }
 
   return null;