Enable project to be set for ADC credential object #1190

Closed
adamcunnington-mlg opened this issue Nov 17, 2022 · 2 comments

@adamcunnington-mlg

As per the excellent write-up at https://medium.com/google-cloud/google-oauth-credential-going-deeper-the-hard-way-f403cf3edf9d, you can't effectively use application default credentials with the `googleapiclient` library because `gcloud auth application-default login` uses some internal Google Cloud project client ID, which the credential object within the `google.auth` library then extracts the project from, instead of the `quota_project_id`.

I assume this is for some technical reason, e.g. there's still actually a client ID that is used for exchanging various tokens etc., but it is super unfortunate because it renders ADC effectively useless with `googleapiclient`. Curiously, the same problem doesn't exist with gcloud libraries.

The only workaround is to explicitly pass a custom client ID file: `gcloud auth application-default login --client-id-file ...`, as described by the Medium article. But then I'm having to share out the client ID file amongst my developers, which I want to avoid.

@adamcunnington-mlg
Author

Basically, the proposed solution to this problem is to allow a user of `googleapiclient` to provide some explicit project override instead of retrieving it from the client ID specified in the credential object, OR to explicitly support ADC, e.g. parse the credential object, sensitive to when it is in fact an impersonated service account, and extract the project ID from the service account information instead of the OAuth2 client.

@adamcunnington-mlg
Author

adamcunnington-mlg commented Nov 29, 2022

Actually, I am closing this issue because this is possible since `googleapiclient` provided explicit support for `google.auth`. It's just a case of providing an explicit `google.auth.default(quota_project_id=xxx)` credential object to `discovery.build(credentials=...)`, OR not providing a credentials object to `discovery.build()` at all, in which case `googleapiclient` successfully extracts it from the environment (via the `client_options` object).
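An added example, not part of the issue thread or of either library: a standard-library check that reads an ADC JSON file and reports which project identifier it carries, covering the three cases discussed above (explicit `quota_project_id`, impersonated service account, OAuth client ID only). The helper name `describe_adc` and all sample values are constructed for illustration; the field names are those of the JSON that `gcloud auth application-default login` writes.

```python
import json
import re

# Constructed ADC contents (not real credentials).
USER_ADC = json.dumps({
    "type": "authorized_user",
    "client_id": "123456789012-abcdefexample.apps.googleusercontent.com",
    "client_secret": "constructed-not-a-secret",
    "refresh_token": "constructed-not-a-token",
})
USER_ADC_WITH_QUOTA = json.dumps(
    {**json.loads(USER_ADC), "quota_project_id": "my-team-project"})
IMPERSONATED_ADC = json.dumps({
    "type": "impersonated_service_account",
    "service_account_impersonation_url":
        "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/"
        "ci-bot@my-team-project.iam.gserviceaccount.com:generateAccessToken",
    "source_credentials": json.loads(USER_ADC),
})

# User-managed service accounts are named NAME@PROJECT_ID.iam.gserviceaccount.com.
_SA_EMAIL = re.compile(
    r"/serviceAccounts/[^@/]+@([a-z][a-z0-9-]+)\.iam\.gserviceaccount\.com:")
# OAuth client IDs are prefixed with the owning project's number.
_CLIENT_ID = re.compile(r"^(\d+)-[^.]+\.apps\.googleusercontent\.com$")


def describe_adc(raw):
    """Hypothetical helper: return (source, project) for an ADC JSON string."""
    info = json.loads(raw)
    # An explicit quota project always wins.
    if info.get("quota_project_id"):
        return ("quota_project_id", info["quota_project_id"])
    # Impersonation: take the project from the service account email.
    if info.get("type") == "impersonated_service_account":
        m = _SA_EMAIL.search(info.get("service_account_impersonation_url", ""))
        if m:
            return ("service_account_email", m.group(1))
    # Otherwise only the OAuth client's project number is available,
    # which is the situation the issue describes.
    m = _CLIENT_ID.match(info.get("client_id", ""))
    if m:
        return ("oauth_client_id", m.group(1))
    return ("unknown", None)


if __name__ == "__main__":
    for name in ("USER_ADC", "USER_ADC_WITH_QUOTA", "IMPERSONATED_ADC"):
        print(name, describe_adc(globals()[name]))
```

A result of `oauth_client_id` means the file has no quota project set, so either set one in the ADC file or pass it explicitly as described in the closing comment.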
