Support OAuth2 token

[ruyadorno]

Feature Description

A Cloud SQL Node.js Connector user should be able to connect to Cloud SQL Admin APIs using a OAuth2 token.

[joehan]

Googler here - https://github.com/firebase/firebase-tools/ is looking to use this connector for some upcoming features, and this would be a extremely helpful feature for us (since most of our users use OAuth2).

[jackwotherspoon]

@joehan thanks for the comment! Will bump priority in that case to move this up the backlog

[enocom]

@joehan This issue might be lacking some details. We recently added support for specifying a GoogleAuth value in #238 with an example usage in the README.

I assume GoogleAuth doesn't satisfy the requirement here? Are you looking for a full OAuth2 flow, or just a way to pass in an OAuth2 token like the Cloud SQL Proxy supports?

[joehan]

@enocom - we just need a way to pass in a OAuth2 token, since firebase-tools already implements a full OAuth2 flow. Is there an easy way to do this with the GoogleAuth library that I missed?

[enocom]

Have you tried something like this? I haven't tested this, and am just following the types, so this might be wrong.

import {JWT} from 'google-auth-library';
import {Connector} from '@google-cloud/cloud-sql-connector';

const jwt = new JWT({});
jwt.fromAPIKey("token goes here");

const connector = new Connector({
  auth: jwt
});

[joehan]

@enocom That didn't quite work - JWT.fromAPIKey expects a API key, but we have a access token. I spent a fair bit of time playing with google-auth-library, and AFAICT, there isn't a way to go from access token -> AuthClient. This makes sense, as the purpose of the AuthClient is to get access tokens.

We could implement a 'dummy' authclient that just returns the access_token we already have, but a simple way to just pass a access token to the connector would be much cleaner for us.

I'm going to keep hacking around to see if I can get something working, and I'll update here if I do.

[joehan]

Hey all, we ended up finding a solution that worked for us by implementing our own AuthClient and passing it into the Connector. Feel free to deprioritize this if needed - our current solution is probably a bit more brittle, but definitely does what we need.

[enocom]

Thanks, @joehan. This is on our list, but below a number of high priority items.