PR fixes from #1812

src/app/credential-internal.ts

@@ -21,7 +21,7 @@ import path = require('path');
 
 import { Agent } from 'http';
 import { Credential, GoogleOAuthAccessToken } from './credential';
-import { AppErrorCodes, FirebaseAppError } from '../utils/error';
+import { AppErrorCodes, FirebaseAppError, FirebaseError } from '../utils/error';
 import { HttpClient, HttpRequestConfig, HttpError, HttpResponse } from '../utils/api-request';
 import * as util from '../utils/validator';
 
@@ -437,7 +437,13 @@ function requestAccessToken(client: HttpClient, request: HttpRequestConfig): Pro
  */
 function requestIDToken(client: HttpClient, request: HttpRequestConfig): Promise<string> {
   return client.send(request).then((resp) => {
-    return resp.text || '';
+    if (!resp.text) {
+      throw new FirebaseAppError(
+        AppErrorCodes.INVALID_CREDENTIAL,
+        `Unexpected response while fetching id token: response.text is undefined`,
+      );
+    }
+    return resp.text;
   }).catch((err) => {
     throw new FirebaseAppError(AppErrorCodes.INVALID_CREDENTIAL, getErrorMessage(err));
   });

src/functions/functions-api-client-internal.ts

@@ -231,7 +231,7 @@ export class FunctionsApiClient {
       : await this.getUrl(resources, FIREBASE_FUNCTION_URL_FORMAT);
     task.httpRequest.url = functionUrl;
     // When run from a deployed extension, we should be using ComputeEngineCredentials
-    if (extensionId && this.app.options.credential instanceof ComputeEngineCredential) {
+    if (validator.isNonEmptyString(extensionId) && this.app.options.credential instanceof ComputeEngineCredential) {
       const idToken = await this.app.options.credential.getIDToken(functionUrl);
       task.httpRequest.headers = { ...task.httpRequest.headers, 'Authorization': `Bearer ${idToken}` };
       // Don't send httpRequest.oidcToken if we set Authorization header, or Cloud Tasks will overwrite it.