feat: add fetch_id_token to support id_token adc (#469)

feat: id_token adc with gcloud cred
diff --git a/system_tests/noxfile.py b/system_tests/noxfile.py
index 6e66eb4..14cd3db 100644
--- a/system_tests/noxfile.py
+++ b/system_tests/noxfile.py
@@ -200,7 +200,7 @@
     session.env[EXPECT_PROJECT_ENV] = "1"
     session.install(*TEST_DEPENDENCIES)
     session.install(LIBRARY_DIR)
-    session.run("pytest", "test_default.py")
+    session.run("pytest", "test_default.py", "test_id_token.py")
 
 
 @nox.session(python=PYTHON_VERSIONS)
diff --git a/system_tests/test_compute_engine.py b/system_tests/test_compute_engine.py
index bcfdfd6..b0d42f3 100644
--- a/system_tests/test_compute_engine.py
+++ b/system_tests/test_compute_engine.py
@@ -20,6 +20,9 @@
 from google.auth import exceptions
 from google.auth import jwt
 from google.auth.compute_engine import _metadata
+import google.oauth2.id_token
+
+AUDIENCE = "https://pubsub.googleapis.com"
 
 
 @pytest.fixture(autouse=True)
@@ -53,10 +56,17 @@
 
 def test_id_token_from_metadata(http_request):
     credentials = compute_engine.IDTokenCredentials(
-        http_request, "target_audience", use_metadata_identity_endpoint=True
+        http_request, AUDIENCE, use_metadata_identity_endpoint=True
     )
     credentials.refresh(http_request)
 
     _, payload, _, _ = jwt._unverified_decode(credentials.token)
-    assert payload["aud"] == "target_audience"
+    assert payload["aud"] == AUDIENCE
     assert payload["exp"] == credentials.expiry
+
+
+def test_fetch_id_token(http_request):
+    token = google.oauth2.id_token.fetch_id_token(http_request, AUDIENCE)
+
+    _, payload, _, _ = jwt._unverified_decode(token)
+    assert payload["aud"] == AUDIENCE
diff --git a/system_tests/test_id_token.py b/system_tests/test_id_token.py
new file mode 100644
index 0000000..b07cefc
--- /dev/null
+++ b/system_tests/test_id_token.py
@@ -0,0 +1,25 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+import pytest
+
+from google.auth import jwt
+import google.oauth2.id_token
+
+
+def test_fetch_id_token(http_request):
+    audience = "https://pubsub.googleapis.com"
+    token = google.oauth2.id_token.fetch_id_token(http_request, audience)
+
+    _, payload, _, _ = jwt._unverified_decode(token)
+    assert payload["aud"] == audience