Changing Firebase target with Chrome Extension results in auth/invalid-credential

Question

I've previously setup and followed these steps, and got it to work: https://firebaseopensource.com/projects/firebase/quickstart-js/auth/chromextension/readme/#license

But cloning this extension, but with a different Extension ID, different firebase instance and OAuth/key setup, I've tried to follow the steps at least 3 separate times, but every time it fails at the last step, the login (the consent screen works though)

• Upload a fresh dummy extension (without key field in manifest.json) (But it is the exact same code as the working one)
• Get the Chrome Extension ID, and the Public Key, no problem
• Create OAuth Client ID with the Extension ID, configured consent screen, no problem, the screen shows up and I can click through
• Add OAuth & Public Key to manifest.json
• Make another OAuth Client ID? (I think this is a duplicate step, because which Client ID should I use? and afaik the whitelisting is optional)
• Use chrome.identity to get OAuth token:

export function startAuth(interactive) { 
  // Request an OAuth token from the Chrome Identity API.
  chrome.identity
    .getAuthToken({ interactive: !!interactive }, (token) => {
      if (chrome.runtime && !interactive) { 
        console.error('It was not possible to get a token programmatically.');
      }

      else if (token) {
        // Authorize Firebase with the OAuth Access Token.
        const credential = firebase.auth.GoogleAuthProvider
          .credential(null, token);

        firebase.auth()
          .signInWithCredential(credential)
          .catch((error) => {
            // The OAuth token might have been invalidated. Lets' remove it from cache.
            if (error.code === 'auth/invalid-credential') {

              chrome.identity
                .removeCachedAuthToken({ token }, () => {
                  startAuth(interactive);
                });
            }
          });
      }

      else {
        console.error('The OAuth Token was null');
      }
    });
}

Note: This code is working with another extensionID/OAuth/key, so the code itself can't be the problem.

There isn't much to change between them, it's really the ExtensionID, the OAuth client ID url, and the public key.

I've followed the steps 3 times, to no avail, every time I get the error auth/invalid-credential. I do get a token though, but that token won't authenticate. How to find out why this is?

It's trying to post to this address, and returning error 400:

POST:  https://identitytoolkit.googleapis.com/v1/accounts:signInWithIdp?key=xxxxx

Error: INVALID_IDP_RESPONSE : Invalid Idp Response: access_token audience is not for this project

My conclusion

There must be something changed with how to set this up, even though it works with different credentials

Answer 1

The problem was that I didn't create the OAuth in the same project in google cloud console, as the firebase project...