GCP - Cloud Function Domain Wide Delegation using Application Default Credential (no -jwt)


I'm trying to create a cloud function, NodeJS based, that uses domain wide delegation access to consume the API method gmail.users.settings.delegates.list.

I'm looking for a solution that does not use the service account JSON key; I want to use default credential instead.

I configure my local env to emulate the cloud function env using this launch.json file:

{
    "version": "0.2.0",
    "configurations": [
        {
            "type": "node",
            "request": "launch",
            "name": "Launch usersOnBehalfCheck",
            "skipFiles": [
                "<node_internals>/**"
            ],
            "env": {
                "GCP_PROJECT":"projectId",
                "GOOGLE_APPLICATION_CREDENTIALS": "pathToJsonFile.json"
            },
            "program": "${workspaceFolder}/index.js"
        }
    ]
}

Printing out the GOOGLE_APPLICATION_CREDENTIALS env variable in GCF, it seems this variable doesn't exist at all, but I don't understand how to better simulate the GCF env.

Talking about the auth object, I found two ways:

First:

const gmailDWDAuth = new GoogleAuth({
    clientOptions: { subject: inputData.userPrimaryEmail },
    scopes: ['https://www.googleapis.com/auth/gmail.settings.basic']
});

console.info({ gmailDWDAuth: gmailDWDAuth }, null, 2);
return gmail.users.settings.delegates.list({ userId: 'me', auth: gmailDWDAuth })

Second:

const gmailDWDAuth = await google.auth.getClient({
    clientOptions: { subject: inputData.userPrimaryEmail },
    scopes: ['https://www.googleapis.com/auth/gmail.settings.basic']
});

console.info({ gmailDWDAuth: gmailDWDAuth }, null, 2);
return gmail.users.settings.delegates.list({ userId: 'me', auth: gmailDWDAuth })

inputData.userPrimaryEmail contains a valid GSuite account in the same organization as the service account.

Both ways work fine locally but stop working, with a Bad Request error, when I published the GCF to GCP.

Can anyone help?


EDIT

After some hours I found this post that speaks about it.

I modified my code following his instructions.

Third:

    
const DWDAuth = await google.auth.getClient({ scopes: ['https://www.googleapis.com/auth/gmail.settings.basic'] });
DWDAuth.subject = inputData.userPrimaryEmail;
console.info(util.inspect({ DWDAuth: DWDAuth }));

return gmail.users.settings.delegates.list({ userId: inputData.userPrimaryEmail, auth: DWDAuth })

Fourth:

    
const DWDAuth = new GoogleAuth({ scopes: ['https://www.googleapis.com/auth/gmail.settings.basic'] });
const DWDAuthClient = await DWDAuth.getClient();
DWDAuthClient.subject = inputData.userPrimaryEmail;

console.info(util.inspect({ DWDAuthClient: DWDAuthClient }));

return gmail.users.settings.delegates.list({ userId: inputData.userPrimaryEmail, auth: DWDAuthClient })

As before, all of these work fine locally, but I get a Bad Request in GCF.
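
An added example (not part of the question above, and not code from Google's libraries): in a deployed function, Application Default Credentials resolve to the metadata server, so no private key is available to sign a JWT carrying `sub`; one keyless route is to have the IAM Credentials `signJwt` method sign the delegation assertion and then exchange it at the OAuth token endpoint. It assumes Node 18+, an access token for the function's own service account passed in as `callerToken`, the Service Account Token Creator role on that account, and the scope authorized for it in the Workspace admin console; the function names are illustrative.

```javascript
// Added example: keyless domain-wide delegation (DWD) token flow.
// Assumptions: Node 18+ (global fetch); IAM Credentials API enabled; the
// service account holds roles/iam.serviceAccountTokenCreator on itself and is
// authorized for the scope in Workspace. All function names are illustrative.
const TOKEN_URL = 'https://oauth2.googleapis.com/token';

// JWT claim set for DWD: `sub` names the Workspace user to act as.
function buildDwdClaims(saEmail, subject, scopes, nowSec) {
  if (!subject || !subject.includes('@')) throw new Error('subject must be a user email');
  return {
    iss: saEmail,
    sub: subject,
    scope: scopes.join(' '),
    aud: TOKEN_URL,
    iat: nowSec,
    exp: nowSec + 3600, // assertion lifetime is capped at one hour
  };
}

// Request asking IAM Credentials to sign the claims with the Google-managed key.
function buildSignJwtRequest(saEmail, claims, callerToken) {
  return {
    url: `https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/${saEmail}:signJwt`,
    init: {
      method: 'POST',
      headers: { Authorization: `Bearer ${callerToken}`, 'Content-Type': 'application/json' },
      body: JSON.stringify({ payload: JSON.stringify(claims) }),
    },
  };
}

// Sign the assertion remotely, then exchange it for a token scoped to `subject`.
async function getDelegatedToken({ saEmail, subject, scopes, callerToken, fetchImpl = globalThis.fetch }) {
  const claims = buildDwdClaims(saEmail, subject, scopes, Math.floor(Date.now() / 1000));
  const sign = buildSignJwtRequest(saEmail, claims, callerToken);
  const signRes = await fetchImpl(sign.url, sign.init);
  if (!signRes.ok) throw new Error(`signJwt failed: HTTP ${signRes.status}`);
  const { signedJwt } = await signRes.json();
  const tokenRes = await fetchImpl(TOKEN_URL, {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({
      grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
      assertion: signedJwt,
    }).toString(),
  });
  if (!tokenRes.ok) throw new Error(`token exchange failed: HTTP ${tokenRes.status}`);
  return (await tokenRes.json()).access_token;
}
```

Because `subject` selects which mailbox the resulting token can act on, check it against the set of users the function is meant to serve before calling `getDelegatedToken`.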
