I had working auth workflow using Lock widget (popup, google account) and signing in with customToken to Firebase. Then I had to update settings by adding one more host to “Allowed Origins (CORS)”. Initially I was getting error “invalid grant types: client_credentials” but when I chose “Client Type” => “SPA” I was able to save settings. But after that the auth workflow became broken - I’m getting error “Grant type ‘http://auth0.com/oauth/legacy/grant-type/delegation/id_token’ not allowed for the client” in the response for https://***.auth0.com/delegation request in the Dev console.
Which changes are required now to get working signing in with customToken to Firebase?
http://auth0.com/oauth/legacy/grant-type/delegation/id_token This feature is disabled by default. If you would like this feature enabled, please contact support to discuss your use case and prevent the possibility of introducing security vulnerabilities.
and thought I can’t enable this specific grant type through the patch. But after support’s answer I’ve tried and it works atm.
I am in the same position, I need to allow my Auth0 users delegated access to Firebase, but delegation does not possible in new Auth0 apps. It even says it clearly here, that the legacy method (still in their docs) is disabled. See Application Grant Types
What is the alternative to perform delegation now? Is there any documentation?!