Allow specifying access_token to use

[salrashid123]

There are situations where you can end up with just the access_token. (eg. non-refereshable token for an endusers via oauth webflow).

There doesn't seem to be any way to place that raw token and initialize gcloud node. (gcloud-java recently added it in:
googleapis/google-cloud-java#1029

here are some references for the older googleapis node client:
https://github.com/google/google-api-nodejs-client#making-authenticated-requests

and a citation about overriding the config
#678 (comment)

[mbleigh]

+1 to the issue. I've issued a pull request against google-auto-auth that would allow for:

var gcloud = require('gcloud')({
  credentials: {accessToken: 'ACCESS_TOKEN_HERE'}
});

[stephenplusplus]

Thank you for the PR over there, @mbleigh! What do you think about just not using google-auto-auth if a user provides a token?

[stephenplusplus]

continuing from #1410 (comment)

There are a couple edge cases:

1. Calls made with gRPC APIs won't use the token (Datastore, Logging, Pub/Sub for now)
2. There are other libraries we use-- gce-images & gcs-resumable-upload-- that would need to be updated to accept just an access token (and we would have to provide the access token the user give us to those libraries)

@murgatroid99 is there a way to provide gRPC with just an access token?

[murgatroid99]

The simplest way to use a plain access token would be to add it to the call's metadata, the same way you would add it to headers for an HTTP request. If you don't want to deal with adding it to every call, you can also create a CallCredentials object, similarly to how you would create one for GoogleAuth credentials:

var creds = grpc.credentials.createFromMetadataGenerator(function(args, callback) {
  var metadata = new Metadata();
  metadata.add('authorization', 'Bearer: '+ access_token);
  return metadata;
});

Then you can pass it to a call in the options field, or compose it with SSL credentials using grpc.credentials.combineChannelCredentials and then using the resulting object to create a channel.

[stephenplusplus]

Awesome, thanks!

[sedouard]

Hey there. We're planning on adding GCE support to our cloud management platform. Through we're planning on getting an auth token from our users with permission scopes into GCP. Today can we pass access_token directly to this client? Or should I manually be adding the authorization header to all requests?