googleapis / google-auth-library-nodejs

🔑 Google Auth Library for Node.js
Apache License 2.0

Error: Invalid RSA public key when using verifySignedJwtWithCertsAsync with Google IAP JWT token #1724

Closed ericmalen closed 9 months ago

ericmalen commented 10 months ago

Issue Summary

I am encountering an error, "TypeError - Invalid RSA public key", when trying to use the verifySignedJwtWithCertsAsync method from the google-auth-library-nodejs library to validate an IAP JWT token retrieved from the request header. I cannot find the source of this issue. Can anyone help?

Code Snippet

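// Assumed import; the original post does not show how gAuth was brought in.
import * as gAuth from 'npm:google-auth-library@9.4.1';

const retrieveUserEmail = async (header: Headers) => {
  // IAP forwards the signed user assertion in this request header.
  const token = header.get('x-goog-iap-jwt-assertion');

  if (!token) {
    return 'Unidentified User';
  }

  const oAuth2Client = new gAuth.OAuth2Client();
  // Fetch the public keys that IAP publishes for verifying its assertions.
  const keys = await oAuth2Client.getIapPublicKeys();
  const audience = '/projects/***************/global/backendServices/***************';
  // Verify the token against the keys, the expected audience and the IAP issuer.
  const ticket = await oAuth2Client.verifySignedJwtWithCertsAsync(
    token,
    keys.pubkeys,
    audience,
    ['https://cloud.google.com/iap']
  );

  const payload = ticket.getPayload();

  return payload?.email;
};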

Expected Behavior

I expected the verifySignedJwtWithCertsAsync method to successfully validate the IAP JWT token and for my function to return the user's email.

Actual Behavior

The method is throwing a TypeError - Invalid RSA public key error.

Additional Information

runtime: deno
deno version: 1.39.1
google-auth-library-nodejs version: 9.4.1
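
Added example (not part of the issue thread and not google-auth-library code): the checks an IAP assertion has to pass, written directly against node:crypto; IAP signs these tokens with ES256, so the verification keys are EC P-256 keys rather than RSA keys. The names verifyIapStyleJwt, makeSample and SAMPLE_AUD, the key pair and the claims are constructed for illustration, and the block assumes Node.js with CommonJS require.

```javascript
const crypto = require('node:crypto');

const IAP_ISSUER = 'https://cloud.google.com/iap'; // issuer value from the snippet above
const SAMPLE_AUD = '/projects/123456789/global/backendServices/987654321'; // constructed
const b64url = (v) => Buffer.from(v).toString('base64url');
const parse = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Hypothetical helper. pubkeys is a { kid: PEM } map, the shape passed as keys.pubkeys.
function verifyIapStyleJwt(token, pubkeys, audience, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = parse(h);
  // Pin the algorithm: the token must not choose how it is verified.
  if (header.alg !== 'ES256') throw new Error(`unexpected alg ${header.alg}`);
  if (!Object.hasOwn(pubkeys, String(header.kid))) throw new Error('unknown kid');
  const key = crypto.createPublicKey(pubkeys[header.kid]);
  // ES256 requires an EC P-256 key; reject anything else before verifying.
  if (key.asymmetricKeyType !== 'ec' || key.asymmetricKeyDetails.namedCurve !== 'prime256v1') {
    throw new Error(`wrong key type ${key.asymmetricKeyType}`);
  }
  // JWS carries ECDSA signatures as raw r||s (IEEE P1363), not DER.
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`),
    { key, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const payload = parse(p);
  if (payload.iss !== IAP_ISSUER) throw new Error('bad issuer');
  if (payload.aud !== audience) throw new Error('bad audience');
  if (typeof payload.exp !== 'number' || payload.exp <= nowSec) throw new Error('expired');
  return payload;
}

// Constructed sample: throwaway P-256 key pair and claims, no real IAP key or token.
function makeSample(claims = {}, kid = 'constructed-kid') {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const head = b64url(JSON.stringify({ alg: 'ES256', typ: 'JWT', kid }));
  const body = b64url(JSON.stringify({ iss: IAP_ISSUER, aud: SAMPLE_AUD,
    email: 'user@example.com', exp: Math.floor(Date.now() / 1000) + 600, ...claims }));
  const sig = crypto.sign('sha256', Buffer.from(`${head}.${body}`),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return { token: `${head}.${body}.${sig.toString('base64url')}`,
    pubkeys: { [kid]: publicKey.export({ type: 'spki', format: 'pem' }) } };
}

const demo = makeSample();
console.log(verifyIapStyleJwt(demo.token, demo.pubkeys, SAMPLE_AUD).email);
```

Checking the key type before calling verify turns a mismatch between the token's algorithm and the supplied key into an explicit error message.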

danielbankhead commented 9 months ago

I believe this is an upstream issue in Deno:

Today, we don't officially support Deno; however, we have a tracking issue for support: