google: update compute token refresh

The shortest MDS token cache time is 4 minutes. The refresh window is updated to 3 minutes and 45 seconds to give the MDS time to update it's cache. This should make slow refreshes less likely to cause failures. Done in googleapis/google-cloud-go#9139 for the other auth library. Change-Id: Ifa353248197d8998e6b0363d1f2821b45a0e6495 Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/584815 Auto-Submit: Cody Oss <codyoss@google.com> TryBot-Bypass: Cody Oss <codyoss@google.com> Run-TryBot: Cody Oss <codyoss@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Cody Oss <codyoss@google.com>
golang · May 10, 2024 · 5fd4241 · 5fd4241
1 parent 84cb9f7
commit 5fd4241
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/google/google.go b/google/google.go
@@ -252,7 +252,10 @@ func (f *credentialsFile) tokenSource(ctx context.Context, params CredentialsPar
 // Further information about retrieving access tokens from the GCE metadata
 // server can be found at https://cloud.google.com/compute/docs/authentication.
 func ComputeTokenSource(account string, scope ...string) oauth2.TokenSource {
-	return computeTokenSource(account, 0, scope...)
+	// refresh 3 minutes and 45 seconds early. The shortest MDS cache is currently 4 minutes, so any
+	// refreshes earlier are a waste of compute.
+	earlyExpirySecs := 225 * time.Second
+	return computeTokenSource(account, earlyExpirySecs, scope...)
 }
 
 func computeTokenSource(account string, earlyExpiry time.Duration, scope ...string) oauth2.TokenSource {