Factory HttpClientOptions not used by Client in createAppCheck

[JConseil]

Describe the bug

When we set options to the Factory for timeout and proxy, the call to the method createAppCheck() will return a new AppCheck which is using a CachedKeySet that can't use the same options.

        use Kreait\Firebase\Factory;
        $factory = (new Factory)->withServiceAccount('/path/to/firebase_credentials.json');
        $options = HttpClientOptions::default();
        $options = $options->withTimeOut(3.5);
        // Use a proxy that all API requests should be passed through.
        $options = $options->withProxy('tcp://<host>:<port>');
        $factory = $factory->withHttpClientOptions($options);

        $appCheck = $factory->createAppCheck();

Here, $appCheck will not have the proxy and timeout options for the CachedKeySet :

        $keySet = new CachedKeySet(
            'https://firebaseappcheck.googleapis.com/v1/jwks',
            new Client(), // <---- new Guzzle Http Client which will not receive the Guzzle Config
            $this->httpFactory,
            $this->keySetCache,
            21600,
            true,
        );
        return new AppCheck(
            new AppCheck\ApiClient($http),
            new AppCheckTokenGenerator(
                $this->serviceAccount['client_email'],
                $this->serviceAccount['private_key'],
                $this->clock,
            ),
            new AppCheckTokenVerifier($projectId, $keySet),
        );

It works for us only if we modify like this :

        $keySet = new CachedKeySet(
            'https://firebaseappcheck.googleapis.com/v1/jwks',
            new Client($this->httpClientOptions->guzzleConfig()), // <--- we pass the Factory's GuzzleConfig
            $this->httpFactory,
            $this->keySetCache,
            21600,
            true,
        );

Installed packages

firebase/php-jwt : v6.8.0

PHP version and extensions

PHP 8.1.19
Composer 2.2.7

Steps to reproduce the issue.

With this example :

        use Kreait\Firebase\Factory;
        $factory = (new Factory)->withServiceAccount('/path/to/firebase_credentials.json');
        $options = HttpClientOptions::default();
        $options = $options->withTimeOut(3.5);
        // Use a proxy that all API requests should be passed through.
        $options = $options->withProxy('****** put real proxy here ******');
        $factory = $factory->withHttpClientOptions($options);

        $appCheck = $factory->createAppCheck();
        $appCheckToken = '****** put a token here ******';
        $appCheck->verifyToken($appCheckToken);

When we call verifyToken :

• instead of having a timeout after 3.5 seconds, it takes 60 seconds (default Guzzle timeout).
• the response is a 504
• debug of HttpClient used by JWT::keyIdExists shows no options (no timeout, no proxy)

If we use the same code but change how the Factory create a new Client()

When we call verifyToken :

• we have a timeout after 3.5 seconds
• if we add the proxy, no more timeout and no more 504 Response. We receive a real response from https://firebaseappcheck.googleapis.com/

Error message/Stack trace

-

Additional information

No response

[jeromegamez]

Thank you for the detailed issue description and for providing a solution, much appreciated! I'll get to it as soon as I can 💪🏻

Out of curiosity: since you are on PHP 8.1, have you considered upgrading the SDK to the current 7.x release?

[JConseil]

Thanks if it can help.
By the way, we're currently on kreait/firebase-php 7.5 (sorry for only mentionning firebase/php-jwt v6.8)

[jeromegamez]

🚀 https://github.com/kreait/firebase-php/releases/tag/7.5.1

Let me know if it now works/still doesn't work 🙏🏻

[JConseil]

Thanks Jérôme, it works fine. Timeout and proxy are now perfectly used. 👍