oauth2: expire the tokens 10 seconds earlier

It avoids the late expiration due to the server time mismatch. Change-Id: I126a76cff112fbeb92b71dd036195555b20e637b Reviewed-on: https://go-review.googlesource.com/3307 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-01-26 10:43:56 -08:00
parent d8ba9d6c17
commit 2b74ab268d
2 changed files with 27 additions and 2 deletions
--- a/token.go
+++ b/token.go
@@ -10,6 +10,11 @@ import (
 	"time"
 )

+// expiryDelta determines how earlier a token should be considered
+// expired than its actual expiration time. It is used to avoid late
+// expirations due to client-server time mismatches.
+const expiryDelta = 10 * time.Second
+
 // Token represents the crendentials used to authorize
 // the requests to access protected resources on the OAuth 2.0
 // provider's backend.
@@ -90,7 +95,7 @@ func (t *Token) expired() bool {
 	if t.Expiry.IsZero() {
 		return false
 	}
-	return t.Expiry.Before(time.Now())
+	return t.Expiry.Add(-expiryDelta).Before(time.Now())
 }

 // Valid reports whether t is non-nil, has an AccessToken, and is not expired.