API Gateway returns "incorrect aud" or "iss" claim with Firebase Auth from FlutterFlow

Hello everyone,

I'm running into a persistent issue while trying to secure my backend with Google Cloud API Gateway and Firebase Authentication, and I feel like I'm running in circles. I'm hoping someone in the community has encountered this specific scenario.

Backend: Firebase Cloud Functions (onRequest, located in europe-west3)
Goal: Route all my Cloud Function calls through a Google Cloud API Gateway to get a single, professional endpoint and add a layer of security (DDoS protection, etc.).

The Configuration:

I've set up an API Gateway in europe-west1.
I've created an openapi-spec.yaml to route a test endpoint (/deleteCheckIn) to the corresponding Cloud Function.
The gateway security is configured to require a valid Firebase Auth ID Token using securityDefinitions.

The Problem:
My FlutterFlow app calls the gateway endpoint (e.g., https://api.my-project.com/deleteCheckIn). Before making the call, I get the user's ID token via await currentUser.getIdToken(true) and pass it in the Authorization: Bearer <token> header.

However, the call consistently fails at the gateway, and I receive one of two errors depending on my openapi-spec.yaml configuration.

Scenario 1: openapi-spec.yaml configured with jwt_audience: "my-project-id"

Error Message: Firebase ID token has incorrect "aud" (audience) claim. Expected "my-project-id" but got "https://europe-west3-my-project-id.cloudfunctions.net/deleteCheckIn".
My Analysis: Even though I'm forcing a refresh with getIdToken(true), the Firebase SDK within the FlutterFlow environment seems to be generating a token scoped specifically to the Cloud Function URL, not the general Firebase Project ID that the gateway is expecting.

Scenario 2: I try to fix this by setting jwt_audience to the full Cloud Function URL

Error Message: Firebase ID token has incorrect "iss" (issuer) claim. Expected "https://securetoken.google.com/my-project-id" but got "https://accounts.google.com".
My Analysis: This error appears when I'm logged in via "Sign in with Google". It seems the app is now sending the Google Identity Token directly, instead of the Firebase-issued ID Token.

In summary, I'm stuck in a catch-22:

If I configure the gateway to expect the Project ID as the audience, the app sends a token with the Function URL as the audience.
If I try to work around that, the app sends a token from the wrong issuer (accounts.google.com instead of securetoken.google.com).

My openapi-spec.yaml currently looks like this: (s. attached screenshot)

My Question:
Has anyone successfully implemented this combination: FlutterFlow -> Google API Gateway -> Firebase Cloud Function with Firebase Authentication, especially when using social logins (Google/Apple)?

How can I reliably force my FlutterFlow app to provide a standard Firebase ID Token where the aud claim is my Firebase Project ID, so the API Gateway can validate it correctly? Is there a specific trick within FlutterFlow's API Call setup or auth_util.dart that I'm missing?

Any help or insight would be greatly appreciated. This is the last major blocker before I can launch.

Thank you