Firebase-admin auth ignores httpAgent

[hw2zheng]

[REQUIRED] Step 1: Describe your environment

• Operating System version: macOs Mojave
• Firebase SDK version: firebase-admin 7.2.0
• Firebase Product: auth
• Node.js version: 12.9.0
• NPM version: 6.10.2

[REQUIRED] Step 2: Describe the problem

We have an app that uses firebase-admin for authenticating users and accessing firestore.
We initialize admin with an httpAgent, as per the docs:

const admin = require('firebase-admin');
const HttpsProxyAgent = require('https-proxy-agent');
const config = {
  credential: admin.credential.cert(...),
  databaseURL: ...,
  httpAgent: new HttpsProxyAgent(process.env.HTTPS_PROXY)
}
admin.initializeApp(config)

Calls to admin.firestore() work just fine, but calls to admin.auth().verifyIdToken(...) hang when the service is deployed behind a proxy.
After some debugging, I noticed that admin.firestore() calls pass in the proxyAgent when making requests, but calls to admin.auth().verifyIdToken(...) don't.

Without the agent in the request, our firewall blocks the request.

Steps to reproduce:

Run the code below, replacing serviceAccountKey with any serviceAccountKey for your project, and a valid JWT generated from your project.

Every http and https request made should go through the request logger. For admin.auth() calls, options.agent is undefined, even though we pass one in.

Relevant Code:

// Initial variables here
const serviceAccountKey = "" // replace with serviceAccountKey.json
const token = "" // replace with a valid token from your project

// Setup the firebase-admin app
const admin = require('firebase-admin');
const HttpsProxyAgent = require('https-proxy-agent');
const config = {
    credential: admin.credential.cert(serviceAccountKey),
    httpAgent: new HttpsProxyAgent("https://google.com") // Not a real proxy server, but works as an example
}
admin.initializeApp(config)


// Setup hooks for logging
function requestLogger(httpModule) {
    var original = httpModule.request
    httpModule.request = function (options, callback) {
        console.log(options.agent)
        return original(options, callback)
    }
}

requestLogger(require('http'))
requestLogger(require('https'))

// Make the API request
admin.auth().verifyIdToken(token)

[hiranya911]

This is because the fetchPublicKeys() method doesn't use the HTTP Agent:

firebase-admin-node/src/auth/token-verifier.ts

Line 273 in 5595dc2

private fetchPublicKeys(): Promise<{[key: string]: string}> {

We can fix it in a future release.

[vany0114]

Is there a workaround for this? I really need this

[kevinp]

I do too.

[vany0114]

I just realized that the latest version actually honors the HTTP agent passed in the options.