Setting Authorization Code Flow vs Implicit Flow?

[JeffBeltran]

Hey there, thanks for the helpful package. I have been spending most of the day wrapping my head around grants/flows and was hoping to get clarification on how this package uses these.

When responseType set to code would i be correct in assuming this is implementing the Authorization Code Flow where the default one (permission) would be the implicit flow?

[k-funk]

When responseType set to code would i be correct in assuming this is implementing the Authorization Code Flow where the default one (permission) would be the implicit flow?

This is my assumption as well. Would love to hear from the maintainer to confirm.

[lthamm]

While I have to say that I did not look too far into the issue, I don't think that this is safe to assume, as you still get the accessToken in the frontend with code as the response type.

It seems pretty clear from the implementation here https://github.com/anthonyjgrove/react-google-login/blob/7db5b9686a70ded6b090a9c01906ca978b00a54d/src/use-google-login.js#L93 that this library only changes the access_type to offline based on the responseType passed to it but the Google API requires this to be set as the response_type (see https://developers.google.com/identity/sign-in/web/reference#gapiauth2authorizeconfig)

Someone indeed already suggested a fix like this here (which should be working from the google docs): https://github.com/anthonyjgrove/react-google-login/issues/337#issuecomment-653336044

See: https://github.com/anthonyjgrove/react-google-login/issues/426

I don't know how relevant this is with the changes to the google libraries (making the current version react-google-login outdated anyways).