oauth2, oauth2/google: add, use ReuseTokenSource

Token caching is now done whenever you make a Client, and
ReuseTokenSource is exported from the oauth2 package and used by the
Google TokenSources (Compute and App Engine).

Token.Expired is now Token.Valid, and works on nil receivers.

Some other wording cleanups in the process.

All tests pass. App Engine should pass, but is untested.

Change-Id: Ibe1d2599ac3ccfe9b399b1672f74bb24cfc8d311
Reviewed-on: https://go-review.googlesource.com/2195
Reviewed-by: Burcu Dogan <jbd@google.com>

google/example_test.go

@@ -69,7 +69,7 @@ func ExampleJWTConfigFromJSON() {
 	// Initiate an http.Client. The following GET request will be
 	// authorized and authenticated on the behalf of
 	// your service account.
-	client := conf.Client(oauth2.NoContext, nil)
+	client := conf.Client(oauth2.NoContext)
 	client.Get("...")
 }
 
@@ -101,7 +101,7 @@ func Example_serviceAccount() {
 	}
 	// Initiate an http.Client, the following GET request will be
 	// authorized and authenticated on the behalf of user@example.com.
-	client := conf.Client(oauth2.NoContext, nil)
+	client := conf.Client(oauth2.NoContext)
 	client.Get("...")
 }
 

google/google.go

@@ -15,7 +15,6 @@ package google // import "golang.org/x/oauth2/google"
 
 import (
 	"encoding/json"
-
 	"fmt"
 	"net"
 	"net/http"
@@ -24,6 +23,9 @@ import (
 	"golang.org/x/oauth2"
 )
 
+// TODO(bradfitz,jbd): import "google.golang.org/cloud/compute/metadata" instead of
+// the metaClient and metadata.google.internal stuff below.
+
 // Endpoint is Google's OAuth 2.0 endpoint.
 var Endpoint = oauth2.Endpoint{
 	AuthURL:  "https://accounts.google.com/o/oauth2/auth",
@@ -66,7 +68,7 @@ type metaTokenRespBody struct {
 // Further information about retrieving access tokens from the GCE metadata
 // server can be found at https://cloud.google.com/compute/docs/authentication.
 func ComputeTokenSource(account string) oauth2.TokenSource {
-	return &computeSource{account: account}
+	return oauth2.ReuseTokenSource(nil, &computeSource{account: account})
 }
 
 type computeSource struct {

google/source_appengine.go

@@ -29,13 +29,16 @@ type tokenLock struct {
 }
 
 type appEngineTokenSource struct {
-	ctx    oauth2.Context
-	scopes []string
-	key    string // guarded by package-level mutex, aeTokensMu
+	ctx oauth2.Context
 
-	// fetcherFunc makes the actual RPC to fetch a new access token with an expiry time.
-	// Provider of this function is responsible to assert that the given context is valid.
-	fetcherFunc func(ctx oauth2.Context, scope ...string) (string, time.Time, error)
+	// fetcherFunc makes the actual RPC to fetch a new access
+	// token with an expiry time.  Provider of this function is
+	// responsible to assert that the given context is valid.
+	fetcherFunc func(ctx oauth2.Context, scope ...string) (accessToken string, expiry time.Time, err error)
+
+	// scopes and key are guarded by the package-level mutex aeTokensMu
+	scopes []string
+	key    string
 }
 
 func (ts *appEngineTokenSource) Token() (*oauth2.Token, error) {
@@ -53,7 +56,7 @@ func (ts *appEngineTokenSource) Token() (*oauth2.Token, error) {
 
 	tok.mu.Lock()
 	defer tok.mu.Unlock()
-	if tok.t != nil && !tok.t.Expired() {
+	if tok.t.Valid() {
 		return tok.t, nil
 	}
 	access, exp, err := ts.fetcherFunc(ts.ctx, ts.scopes...)