Many OAuth Providers Likely Broken by form_post instead of query auth URI

[chadrockey]

Internally, the authentication URIs are generated from https://www.googleapis.com/identitytoolkit/v3/relyingparty/createAuthUri?key={0}

This appears to easily handle the different providers, stays up to date, etc.

However, for some, and at least Apple, this no longer works. Apple forces the URI to have the form_post type instead of query, this means that the token returned is posted to the redirect url (firebase's server) instead of being able to this library to continue with the authentication process.

As a test, I edited the URI to use query instead of form_post. Unfortunately, Apple only allows form_post when you request the name or email scopes, so you need to also remove the scopes from the query.

With query and no scopes, the request succeeds and the rest of the code continues along fine. However, I'm pretty sure this will be horrible if you're creating an account and have no Name and no email. It at least works for a Firebase account with user/email, Google, and Apple associated.

@bezysoftware does this sound familiar? Do you have any ideas or known workarounds?