Client network socket disconnected before secure TLS connection was established

[thomaseizinger]

Describe the bug

We've been having repeated CI failures (10+ in the last few days) where the toolkit is unable to fetch the ID token.

To Reproduce

Somewhat difficult to reproduce because it only happens sporadically. I do believe we've only noticed this since we moved to larger (and faster) GitHub-hosted runners. Those seem to be more prone to experience this error but I can't say for certain.

Expected behavior

Reliable CI.

Additional context

We have originally reported this issue in a downstream action. See google-github-actions/auth#496. The troubleshooting there revealed that it is actually an error from the toolkit. Specifically from here:

toolkit/packages/core/src/oidc-utils.ts

Lines 46 to 64 in 683703c

	private static async getCall(id_token_url: string): Promise<string> {
	const httpclient = OidcClient.createHttpClient()
	const res = await httpclient
	.getJson<TokenResponse>(id_token_url)
	.catch(error => {
	throw new Error(
	`Failed to get ID Token. \n
	Error Code : ${error.statusCode}\n
	Error Message: ${error.message}`
	)
	})
	const id_token = res.result?.value
	if (!id_token) {
	throw new Error('Response json body do not have ID Token field')
	}
	return id_token
	}

Here are some test-runs where this failure occurred:

• https://github.com/firezone/firezone/actions/runs/16012489024/job/45173012105
• https://github.com/firezone/firezone/actions/runs/15990853670/job/45103970949
• https://github.com/firezone/firezone/actions/runs/15973172990/job/45049258473
• https://github.com/firezone/firezone/actions/runs/15918683976/job/44901141278
• https://github.com/firezone/firezone/actions/runs/16071981872/job/45358818620