google / oauth2l

oauth2l ("oauth tool") is a simple CLI for interacting with Google API authentication.
Apache License 2.0

Fall back to gcloud session if application_default_credentials.json is invalid/expired #171

Open andrewhamon opened 4 days ago

andrewhamon commented 4 days ago

If ~/.config/gcloud/application_default_credentials.json exists and is invalid, oauth2l will always fail, even if I log in to gcloud using gcloud auth login.

This is quite annoying, since it is quite common for stale ~/.config/gcloud/application_default_credentials.json to be hanging around (i.e. if I ran gcloud auth login --update-adc yesterday, but later logged in today without --update-adc). In my company, application_default_credentials.json files that are fetched in this way expire relatively quickly (24 hours or less).

It would be very convenient if oauth2l did some or all of the following:

andrewhamon commented 4 days ago

Somewhat related, on gcloud servers it is not uncommon to be logged in with a personal identity. As far as I know, there is no way to tell oauth2l if it should prefer the current gcloud session, application_default_credentials.json, or the instance's service account (all of which could be different identities, in theory).
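
A sketch of the behaviour requested in this thread, as an added example that is not oauth2l code and not part of any comment: the caller gives an explicit preference order over the three credential sources, and the resolver reports which source was used and which were skipped, so a fallback to a different identity is never silent. The `Fetcher` type, the source names and the `Resolve` function are hypothetical, and the fetchers are stubs standing in for real lookups.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Hypothetical names for the three identities mentioned in the thread.
const (
	GcloudSession   = "gcloud-session"
	ADCFile         = "adc-file"
	InstanceAccount = "instance-service-account"
)

// Fetcher is a stand-in for a real credential lookup (assumption, not an oauth2l type).
type Fetcher func() (token string, err error)

// Resolve walks the caller's preference order and returns the first token that
// can be fetched, plus the source that produced it. Failures of earlier sources
// are collected in skipped so the caller can log which identity was passed over.
func Resolve(order []string, fetchers map[string]Fetcher) (token, used string, skipped []string, err error) {
	for _, name := range order {
		fetch, ok := fetchers[name]
		if !ok {
			skipped = append(skipped, name+": not configured")
			continue
		}
		tok, ferr := fetch()
		if ferr != nil {
			skipped = append(skipped, name+": "+ferr.Error())
			continue
		}
		return tok, name, skipped, nil
	}
	return "", "", skipped, errors.New("no usable credentials: " + strings.Join(skipped, "; "))
}

func main() {
	// Constructed scenario: stale ADC file on disk, valid gcloud session.
	fetchers := map[string]Fetcher{
		ADCFile:       func() (string, error) { return "", errors.New("invalid_grant (expired)") },
		GcloudSession: func() (string, error) { return "token-from-gcloud", nil },
	}
	tok, used, skipped, err := Resolve([]string{ADCFile, GcloudSession, InstanceAccount}, fetchers)
	fmt.Println(tok, used, skipped, err)
}
```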