for #180: allow HTTP requests in default hyper client.

If an attacker could manipulate URLs for token retrieval etc., they
could wreak considerably more havoc than a downgrade attack.

Author: dermesser

src/authenticator.rs

@@ -715,8 +715,8 @@ mod private {
                 AuthFlow::ServiceAccountFlow(service_account_flow) => {
                     service_account_flow.token(hyper_client, scopes).await
                 }
-                AuthFlow::ApplicationDefaultCredentialsFlow(service_account_flow) => {
-                    service_account_flow.token(hyper_client, scopes).await
+                AuthFlow::ApplicationDefaultCredentialsFlow(adc_flow) => {
+                    adc_flow.token(hyper_client, scopes).await
                 }
                 AuthFlow::AuthorizedUserFlow(authorized_user_flow) => {
                     authorized_user_flow.token(hyper_client, scopes).await
@@ -780,7 +780,7 @@ impl HyperClientBuilder for DefaultHyperClient {
         #[cfg(feature = "hyper-rustls")]
         let connector = hyper_rustls::HttpsConnectorBuilder::new()
             .with_native_roots()
-            .https_only()
+            .https_or_http()
             .enable_http1()
             .enable_http2()
             .build();