Open zhaoyi0113 opened 3 years ago
I can confirm this behaviour but rather consider it to be a bug. :)
Same here, documentation made us believe setting client_secret
will setup code flow but it doesn't.
The secret is well setup to GCP but we need to manually switch the grant type button to make it work.
Any updates on this? I just came across this issue again, and it looks like that now you have to also input the client secret again if you want to enable code flow.
Any updates?
Hello Everyone! Is there a solution to this?
Currently there is an argument called client_secret to achieve this objective
I don't believe this is solved by client_secret alone.
It is perhaps a bit unintuitive, but it looks like the API does offer a responseType
field that can be set to achieve this (which appears to be what the console is using). For "Code flow", it would presumably need to be set to {code: true, idToken: false}
.
Setting client_secret
unfortunately does not set the grant type to "code flow", even on initial creation of the resource.
Additionally, if you omit client_secret
on initial creation, then add it and re-apply, the grant type still stays on "implicit flow" and isn't switched to "code flow.
So there's currently no way to set "code flow" with a client secret via terraform, and this needs to be done manually (or via the API as suggested above by @roaks3) after the resource is created.
Community Note
Affected Resource(s)
Description
I am using
google_identity_platform_oauth_idp_config
to deploy an identity to gcp but thegrant type
is fixed to beImplicit flow
. GCP has another option which iscode flow
but I can't find a configuration to change that.b/361091503