We have at couple of requests to fetch the access token. A few observations:

• The token should include the string value and the expiration time.
• The token should be wrapped in a CacheableResource<>.
• We should return an error for API keys.

• we need direct access to an access token to integrate with existing libraries like object_store. object_store has pretty rudimentary support for how it does gcloud auth, we were aiming to use your first party auth library to make it more complete/customized for our specific environments.

@sai-sunder-s now that we have a clear need, we should restore the second method in Credentials to fetch the token. It would need to be something like:

impl Credentials {
  async pub fn access_token(&self, ...) -> Result<CacheableResource<AccessToken>>;

because it can fail to fetch the token (or the credential type may not support tokens at all) and you may want to cache a derived value and avoid recomputation. And AccessToken would be something like:

struct AccessToken { /* all private */}
impl AccessToken {
  pub fn value(&self) -> String;
  pub fn type(&self) -> &'static str; // typically `Bearer`
  pub fn expiration_time(&self) -> std::time::Instant /* ??? SystemTime ??? */
}

We also need to consider how to create tokens for mocking.

Originally posted by @coryan in #2879