When using application default credentials, `access_token` is present but `expires_in` is missing from OAuth response, causing "Unexpected response while fetching access token"

[romannurik]

• Operating System version: Mac
• Firebase SDK version: 11.5.0
• Firebase Product: Admin SDK (Auth)
• Node.js version: 18.17.1
• NPM version: 9.6.7

[REQUIRED] Step 3: Describe the problem

I'm getting the following error from the Admin SDK when using application default credentials to authenticate:

{
  code: 'app/invalid-credential',
  message: 'Credential implementation provided to initializeApp() via the "credential" property failed to fetch a valid Google OAuth2 access token with the following error:
    "Error fetching access token: Unexpected response while fetching access token:
    {"access_token":"ya29.<redacted>","token_type":"Bearer"}".'
}

(line breaks added for legibility)

Which seems to indicate a valid access token is being provisioned (there's a token in there that starts with ya29.), but the library isn't reading it correctly.

It seems like the library is expecting an expires_in key to appear as well but that key is missing in the response it's getting from Google's auth APIs.

Steps to reproduce:

1. Use application default credentials (GOOGLE_APPLICATION_CREDENTIALS=sa.json and credential: applicationDefault()) with the Node Admin SDK
2. Grab sa.json from your project's Service Accounts tab in the Firebase console.
3. Try to use Admin SDK APIs such as getAuth, auth.verifySessionCookie, etc. (my code is here if needed).
4. Observe [in some cases?] you see the error cited above.