Issue with google-auth

[maelp]

Please make sure you have searched for information in the following guides.

• Search the issues already opened: https://github.com/GoogleCloudPlatform/google-cloud-node/issues
• Search StackOverflow: http://stackoverflow.com/questions/tagged/google-cloud-platform+node.js
• Check our Troubleshooting guide: https://github.com/googleapis/google-cloud-node/blob/main/docs/troubleshooting.md
• Check our FAQ: https://github.com/googleapis/google-cloud-node/blob/main/docs/faq.md
• Check our libraries HOW-TO: https://github.com/googleapis/gax-nodejs/blob/main/client-libraries.md
• Check out our authentication guide: https://github.com/googleapis/google-auth-library-nodejs
• Check out handwritten samples for many of our APIs: https://github.com/GoogleCloudPlatform/nodejs-docs-samples
• Check the API's issue tracker: https://cloud.google.com/support/docs/issue-trackers

Library Name

google-cloud-storage

A screenshot that you have tested with "Try this API".

We’re seeing a reproducible failure in the signed URL path of @google-cloud/storage, while
both direct IAM signBlob and direct GoogleAuth.sign() succeed in the same container/runtime.

Environment:

• Node.js 22.23.0
• @google-cloud/storage@7.21.0
• transitive google-auth-library@9.15.1
• GCE VM / service account auth
• signed URL generation for GCS objects with V4 signing

Observed behavior:

• Raw POST to https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/...:signBlob
  succeeds
• Direct GoogleAuth.sign(blob) succeeds
• storage.bucket(...).file(...).getSignedUrl({ version: "v4", action: "read", expires }) fails
  with:

Error: Invalid response body while trying to fetch
https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/...:signBlob: Premature
close
    at Gaxios._request ...
    at Compute.requestAsync ...
    at GoogleAuth.signBlob ...
    at sign (.../@google-cloud/storage/.../signer.js:...)

So this seems specific to the @google-cloud/storage -> google-auth-library@9.x -> gaxios signing
path, not to IAM permissions, API enablement, or bucket/object existence.

### Link to the code that reproduces this issue. A link to a **public** Github Repository or gist with a minimal reproduction.


none

### A step-by-step description of how to reproduce the issue, based on the linked reproduction.


Try to sign a blob, it fails

### A clear and concise description of what the bug is, and what you expected to happen.

See above

### A clear and concise description WHY you expect this behavior, i.e., was it a recent change, there is documentation that points to this behavior, etc. **

It used to work

[github-actions]

Issue was opened with an invalid reproduction link. Please make sure the repository is a valid, publicly-accessible github repository, and make sure the url is complete (example: https://github.com/googleapis/google-cloud-node)