Not able to change `grant type` in google_identity_platform_oauth_idp_config

[zhaoyi0113]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Affected Resource(s)

• google_identity_platform_oauth_idp_config

Description

I am using google_identity_platform_oauth_idp_config to deploy an identity to gcp but the grant type is fixed to be Implicit flow. GCP has another option which is code flow but I can't find a configuration to change that.

b/361091503

[arnisoph]

I can confirm this behaviour but rather consider it to be a bug. :)

[Marc3001]

Same here, documentation made us believe setting client_secret will setup code flow but it doesn't. The secret is well setup to GCP but we need to manually switch the grant type button to make it work.

[robertlindner]

Any updates on this? I just came across this issue again, and it looks like that now you have to also input the client secret again if you want to enable code flow.

[svetozar02]

Any updates?

[malafold]

Hello Everyone! Is there a solution to this?

[ggtisc]

Currently there is an argument called client_secret to achieve this objective

[roaks3]

I don't believe this is solved by client_secret alone.

It is perhaps a bit unintuitive, but it looks like the API does offer a responseType field that can be set to achieve this (which appears to be what the console is using). For "Code flow", it would presumably need to be set to {code: true, idToken: false}.

[serpro69]

Setting client_secret unfortunately does not set the grant type to "code flow", even on initial creation of the resource. Additionally, if you omit client_secret on initial creation, then add it and re-apply, the grant type still stays on "implicit flow" and isn't switched to "code flow. So there's currently no way to set "code flow" with a client secret via terraform, and this needs to be done manually (or via the API as suggested above by @roaks3) after the resource is created.