Hi everyone. I am trying to configure OIDC Google login for a native mobile app. When configuring the Google OIDC provider Kratos seems to require the

client_secret

property, but when you create a new Client ID in GCP you only get a client id, no client secret. Am I missing some configuration parameter for the provider in the Kratos configuration?

Hi @happy-policeman-99430, you must have done something wrong because when I create an OAuth client in my GCP project, I have both my client ID and the secret linked as you can see in this screenshot with information hidden :

@delightful-noon-48365 I'm pretty sure that you have not created an iOS OAuth Client ID, as they do not come with a client secret.

You maybe need to implement the Google SDK inside your native app: https://www.ory.sh/docs/kratos/social-signin/google#using-the-google-sdk-on-native-apps

Thanks for the feedback. I'm able to login via Google in my native app, that part is fine. It's configuring the Google OIDC provider in Kratos which is the issue, because it demands that I pass a

client_secret

in the provider configuration. I can set it to an empty string and get Kratos to start, but that seems like the wrong solution.

It seems that you need to implement an OAuth client with an identifier and its secret to use it in Kratos. But you may be able to avoid the browser as explained in https://www.ory.sh/docs/kratos/social-signin/google#using-the-google-sdk-on-native-apps

Thanks. Feels like Kratos should support Client IDs designed for native apps too, but perhaps I'll need to look into a workaround