feat: fetch-Compatible API

Author: d-goog

.readme-partials.yaml

@@ -40,18 +40,13 @@ body: |-
   * Instead of specifying the type of client you'd like to use (JWT, OAuth2, etc)
   * this library will automatically choose the right client based on the environment.
   */
-  async function main() {
-    const auth = new GoogleAuth({
-      scopes: 'https://www.googleapis.com/auth/cloud-platform'
-    });
-    const client = await auth.getClient();
-    const projectId = await auth.getProjectId();
-    const url = `https://dns.googleapis.com/dns/v1/projects/${projectId}`;
-    const res = await client.request({ url });
-    console.log(res.data);
-  }
-
-  main().catch(console.error);
+  const auth = new GoogleAuth({
+    scopes: 'https://www.googleapis.com/auth/cloud-platform'
+  });
+  const projectId = await auth.getProjectId();
+  const url = `https://dns.googleapis.com/dns/v1/projects/${projectId}`;
+  const res = await auth.fetch(url);
+  console.log(res.data);
   ```
 
   ## OAuth2
@@ -81,10 +76,11 @@ body: |-
   */
   async function main() {
     const oAuth2Client = await getAuthenticatedClient();
-    // Make a simple request to the People API using our pre-authenticated client. The `request()` method
-    // takes an GaxiosOptions object.  Visit https://github.com/JustinBeckwith/gaxios.
+    // Make a simple request to the People API using our pre-authenticated client. The `fetch` and
+    // `request` methods accept a [`GaxiosOptions`](https://github.com/googleapis/gaxios)
+    // object.
     const url = 'https://people.googleapis.com/v1/people/me?personFields=names';
-    const res = await oAuth2Client.request({url});
+    const res = await oAuth2Client.fetch(url);
     console.log(res.data);
 
     // After acquiring an access_token, you may want to check on the audience, expiration,
@@ -156,6 +152,7 @@ body: |-
   This library will automatically obtain an `access_token`, and automatically refresh the `access_token` if a `refresh_token` is present.  The `refresh_token` is only returned on the [first authorization](https://github.com/googleapis/google-api-nodejs-client/issues/750#issuecomment-304521450), so if you want to make sure you store it safely. An easy way to make sure you always store the most recent tokens is to use the `tokens` event:
 
   ```js
+  const auth = new GoogleAuth();
   const client = await auth.getClient();
 
   client.on('tokens', (tokens) => {
@@ -166,9 +163,10 @@ body: |-
     console.log(tokens.access_token);
   });
 
+  const projectId = await auth.getProjectId();
   const url = `https://dns.googleapis.com/dns/v1/projects/${projectId}`;
-  const res = await client.request({ url });
   // The `tokens` event would now be raised if this was the first request
+  const res = await client.fetch(url);
   ```
 
   #### Retrieve access token
@@ -241,18 +239,14 @@ body: |-
   const {JWT} = require('google-auth-library');
   const keys = require('./jwt.keys.json');
 
-  async function main() {
-    const client = new JWT({
-      email: keys.client_email,
-      key: keys.private_key,
-      scopes: ['https://www.googleapis.com/auth/cloud-platform'],
-    });
-    const url = `https://dns.googleapis.com/dns/v1/projects/${keys.project_id}`;
-    const res = await client.request({url});
-    console.log(res.data);
-  }
-
-  main().catch(console.error);
+  const client = new JWT({
+    email: keys.client_email,
+    key: keys.private_key,
+    scopes: ['https://www.googleapis.com/auth/cloud-platform'],
+  });
+  const url = `https://dns.googleapis.com/dns/v1/projects/${keys.project_id}`;
+  const res = await client.fetch(url);
+  console.log(res.data);
   ```
 
   The parameters for the JWT auth client including how to use it with a `.pem` file are explained in [samples/jwt.js](https://github.com/googleapis/google-auth-library-nodejs/blob/main/samples/jwt.js).
@@ -288,16 +282,12 @@ body: |-
   }
   const keys = JSON.parse(keysEnvVar);
 
-  async function main() {
-    // load the JWT or UserRefreshClient from the keys
-    const client = auth.fromJSON(keys);
-    client.scopes = ['https://www.googleapis.com/auth/cloud-platform'];
-    const url = `https://dns.googleapis.com/dns/v1/projects/${keys.project_id}`;
-    const res = await client.request({url});
-    console.log(res.data);
-  }
-
-  main().catch(console.error);
+  // load the JWT or UserRefreshClient from the keys
+  const client = auth.fromJSON(keys);
+  client.scopes = ['https://www.googleapis.com/auth/cloud-platform'];
+  const url = `https://dns.googleapis.com/dns/v1/projects/${keys.project_id}`;
+  const res = await client.fetch(url);
+  console.log(res.data);
   ```
 
   **Important**: If you accept a credential configuration (credential JSON/File/Stream) from an external source for authentication to Google Cloud, you must validate it before providing it to any Google API or library. Providing an unvalidated credential configuration to Google APIs can compromise the security of your systems and data. For more information, refer to [Validate credential configurations from external sources](https://cloud.google.com/docs/authentication/external/externally-sourced-credentials).
@@ -313,18 +303,14 @@ body: |-
   ``` js
   const {auth, Compute} = require('google-auth-library');
 
-  async function main() {
-    const client = new Compute({
-      // Specifying the service account email is optional.
-      serviceAccountEmail: '[email protected]'
-    });
-    const projectId = await auth.getProjectId();
-    const url = `https://dns.googleapis.com/dns/v1/projects/${projectId}`;
-    const res = await client.request({url});
-    console.log(res.data);
-  }
-
-  main().catch(console.error);
+  const client = new Compute({
+    // Specifying the service account email is optional.
+    serviceAccountEmail: '[email protected]'
+  });
+  const projectId = await auth.getProjectId();
+  const url = `https://dns.googleapis.com/dns/v1/projects/${projectId}`;
+  const res = await client.fetch(url);
+  console.log(res.data);
   ```
 
   ## Workload Identity Federation
@@ -1023,17 +1009,14 @@ body: |-
   The library can now automatically choose the right type of client and initialize credentials from the context provided in the configuration file.
 
   ```js
-  async function main() {
-    const auth = new GoogleAuth({
-      scopes: 'https://www.googleapis.com/auth/cloud-platform'
-    });
-    const client = await auth.getClient();
-    const projectId = await auth.getProjectId();
-    // List all buckets in a project.
-    const url = `https://storage.googleapis.com/storage/v1/b?project=${projectId}`;
-    const res = await client.request({ url });
-    console.log(res.data);
-  }
+  const auth = new GoogleAuth({
+    scopes: 'https://www.googleapis.com/auth/cloud-platform'
+  });
+  const projectId = await auth.getProjectId();
+  // List all buckets in a project.
+  const url = `https://storage.googleapis.com/storage/v1/b?project=${projectId}`;
+  const res = await client.fetch(url);
+  console.log(res.data);
   ```
 
   When using external identities with Application Default Credentials in Node.js, the `roles/browser` role needs to be granted to the service account.
@@ -1056,14 +1039,12 @@ body: |-
   const {ExternalAccountClient} = require('google-auth-library');
   const jsonConfig = require('/path/to/config.json');
 
-  async function main() {
-    const client = ExternalAccountClient.fromJSON(jsonConfig);
-    client.scopes = ['https://www.googleapis.com/auth/cloud-platform'];
-    // List all buckets in a project.
-    const url = `https://storage.googleapis.com/storage/v1/b?project=${projectId}`;
-    const res = await client.request({url});
-    console.log(res.data);
-  }
+  const client = ExternalAccountClient.fromJSON(jsonConfig);
+  client.scopes = ['https://www.googleapis.com/auth/cloud-platform'];
+  // List all buckets in a project.
+  const url = `https://storage.googleapis.com/storage/v1/b?project=${projectId}`;
+  const res = await client.fetch(url);
+  console.log(res.data);
   ```
 
   #### Security Considerations
@@ -1087,15 +1068,11 @@ body: |-
   // Make a request to a protected Cloud Run service.
   const {GoogleAuth} = require('google-auth-library');
 
-  async function main() {
-    const url = 'https://cloud-run-1234-uc.a.run.app';
-    const auth = new GoogleAuth();
-    const client = await auth.getIdTokenClient(url);
-    const res = await client.request({url});
-    console.log(res.data);
-  }
-
-  main().catch(console.error);
+  const url = 'https://cloud-run-1234-uc.a.run.app';
+  const auth = new GoogleAuth();
+  const client = await auth.getIdTokenClient(url);
+  const res = await client.fetch(url);
+  console.log(res.data);
   ```
 
   A complete example can be found in [`samples/idtokens-serverless.js`](https://github.com/googleapis/google-auth-library-nodejs/blob/main/samples/idtokens-serverless.js).
@@ -1107,16 +1084,12 @@ body: |-
   // Make a request to a protected Cloud Identity-Aware Proxy (IAP) resource
   const {GoogleAuth} = require('google-auth-library');
 
-  async function main()
-    const targetAudience = 'iap-client-id';
-    const url = 'https://iap-url.com';
-    const auth = new GoogleAuth();
-    const client = await auth.getIdTokenClient(targetAudience);
-    const res = await client.request({url});
-    console.log(res.data);
-  }
-
-  main().catch(console.error);
+  const targetAudience = 'iap-client-id';
+  const url = 'https://iap-url.com';
+  const auth = new GoogleAuth();
+  const client = await auth.getIdTokenClient(targetAudience);
+  const res = await client.fetch(url);
+  console.log(res.data);
   ```
 
   A complete example can be found in [`samples/idtokens-iap.js`](https://github.com/googleapis/google-auth-library-nodejs/blob/main/samples/idtokens-iap.js).
@@ -1189,7 +1162,7 @@ body: |-
 
     // Use impersonated credentials:
     const url = 'https://www.googleapis.com/storage/v1/b?project=anotherProjectID'
-    const resp = await targetClient.request({ url });
+    const resp = await targetClient.fetch(url);
     for (const bucket of resp.data.items) {
       console.log(bucket.name);
     }

samples/adc.js

@@ -28,7 +28,7 @@ async function main() {
   const client = await auth.getClient();
   const projectId = await auth.getProjectId();
   const url = `https://dns.googleapis.com/dns/v1/projects/${projectId}`;
-  const res = await client.request({url});
+  const res = await client.fetch(url);
   console.log('DNS Info:');
   console.log(res.data);
 }

samples/compute.js

@@ -28,7 +28,7 @@ async function main() {
   });
   const projectId = await auth.getProjectId();
   const url = `https://dns.googleapis.com/dns/v1/projects/${projectId}`;
-  const res = await client.request({url});
+  const res = await client.fetch(url);
   console.log(res.data);
 }
 

samples/credentials.js

@@ -43,7 +43,7 @@ async function main() {
   const client = await auth.getClient();
   const projectId = await auth.getProjectId();
   const url = `https://dns.googleapis.com/dns/v1/projects/${projectId}`;
-  const res = await client.request({url});
+  const res = await client.fetch(url);
   console.log('DNS Info:');
   console.log(res.data);
 }

samples/idtokens-iap.js

@@ -35,7 +35,7 @@ function main(
   async function request() {
     console.info(`request IAP ${url} with target audience ${targetAudience}`);
     const client = await auth.getIdTokenClient(targetAudience);
-    const res = await client.request({url});
+    const res = await client.fetch(url);
     console.info(res.data);
   }
 

samples/idtokens-serverless.js

@@ -65,7 +65,7 @@ function main(
 
     // Alternatively, one can use `client.idTokenProvider.fetchIdToken`
     // to return the ID Token.
-    const res = await client.request({url});
+    const res = await client.fetch(url);
     console.info(res.data);
   }
 

samples/jwt.js

@@ -38,7 +38,7 @@ async function main(
     scopes: ['https://www.googleapis.com/auth/cloud-platform'],
   });
   const url = `https://dns.googleapis.com/dns/v1/projects/${keys.project_id}`;
-  const res = await client.request({url});
+  const res = await client.fetch(url);
   console.log('DNS Info:');
   console.log(res.data);
 

samples/keyfile.js

@@ -33,7 +33,7 @@ async function main(
   const client = await auth.getClient();
   const projectId = await auth.getProjectId();
   const url = `https://dns.googleapis.com/dns/v1/projects/${projectId}`;
-  const res = await client.request({url});
+  const res = await client.fetch(url);
   console.log('DNS Info:');
   console.log(res.data);
 }

src/auth/authclient.ts

@@ -20,6 +20,18 @@ import {OriginalAndCamel, originalOrCamelOptions} from '../util';
 
 import {PRODUCT_NAME, USER_AGENT} from '../shared.cjs';
 
+/**
+ * An interface for enforcing `fetch`-type compliance.
+ *
+ * @remarks
+ *
+ * This provides type guarantees during build-time, ensuring the `fetch` method is 1:1
+ * compatible with the `Gaxios#fetch` API.
+ */
+interface GaxiosFetchCompliance {
+  fetch: typeof fetch | Gaxios['fetch'];
+}
+
 /**
  * Base auth configurations (e.g. from JWT or `.json` files) with conventional
  * camelCased options.
@@ -192,7 +204,7 @@ export declare interface AuthClient {
 
 export abstract class AuthClient
   extends EventEmitter
-  implements CredentialsClient
+  implements CredentialsClient, GaxiosFetchCompliance
 {
   apiKey?: string;
   projectId?: string | null;
@@ -238,9 +250,66 @@ export abstract class AuthClient
     this.forceRefreshOnFailure = opts.forceRefreshOnFailure ?? false;
   }
 
+  /**
+   * A {@link fetch `fetch`} compliant API for {@link AuthClient}.
+   *
+   * @see {@link AuthClient.request} for the classic method.
+   *
+   * @remarks
+   *
+   * This is useful as a drop-in replacement for `fetch` API usage.
+   *
+   * @example
+   *
+   * ```ts
+   * const authClient = new AuthClient();
+   * const fetchWithAuthClient: typeof fetch = (...args) => authClient.fetch(...args);
+   * await fetchWithAuthClient('https://example.com');
+   * ```
+   *
+   * @param args `fetch` API or {@link Gaxios.fetch `Gaxios#fetch`} parameters
+   * @returns the {@link GaxiosResponse} with Gaxios-added properties
+   */
+  fetch<T>(...args: Parameters<Gaxios['fetch']>): GaxiosPromise<T> {
+    // Up to 2 parameters in either overload
+    const input = args[0];
+    const init = args[1];
+
+    let url: URL | undefined = undefined;
+    const headers = new Headers();
+
+    // prepare URL
+    if (typeof input === 'string') {
+      url = new URL(input);
+    } else if (input instanceof URL) {
+      url = input;
+    } else if (input && input.url) {
+      url = new URL(input.url);
+    }
+
+    // prepare headers
+    if (input && typeof input === 'object' && 'headers' in input) {
+      Gaxios.mergeHeaders(headers, input.headers);
+    }
+    if (init) {
+      Gaxios.mergeHeaders(headers, new Headers(init.headers));
+    }
+
+    // prepare request
+    if (typeof input === 'object' && !(input instanceof URL)) {
+      // input must have been a non-URL object
+      return this.request({...init, ...input, headers, url});
+    } else {
+      // input must have been a string or URL
+      return this.request({...init, headers, url});
+    }
+  }
+
   /**
    * The public request API in which credentials may be added to the request.
    *
+   * @see {@link AuthClient.fetch} for the modern method.
+   *
    * @param options options for `gaxios`
    */
   abstract request<T>(options: GaxiosOptions): GaxiosPromise<T>;