google: update compute token refreshupstream-master

The shortest MDS token cache time is 4 minutes. The refresh window is updated
to 3 minutes and 45 seconds to give the MDS time to update it's cache.

This should make slow refreshes less likely to cause failures.

Done in https://github.com/googleapis/google-cloud-go/pull/9139 for the other auth library.

Change-Id: Ifa353248197d8998e6b0363d1f2821b45a0e6495
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/584815
Auto-Submit: Cody Oss <codyoss@google.com>
TryBot-Bypass: Cody Oss <codyoss@google.com>
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Cody Oss <codyoss@google.com>

1 files changed, 4 insertions, 1 deletions

diff --git a/google/google.go b/google/google.go
index ba931c2..7b82e7a 100644
--- a/google/google.go
+++ b/google/google.go
@@ -252,7 +252,10 @@ func (f *credentialsFile) tokenSource(ctx context.Context, params CredentialsPar
 // Further information about retrieving access tokens from the GCE metadata
 // server can be found at https://cloud.google.com/compute/docs/authentication.
 func ComputeTokenSource(account string, scope ...string) oauth2.TokenSource {
-	return computeTokenSource(account, 0, scope...)
+	// refresh 3 minutes and 45 seconds early. The shortest MDS cache is currently 4 minutes, so any
+	// refreshes earlier are a waste of compute.
+	earlyExpirySecs := 225 * time.Second
+	return computeTokenSource(account, earlyExpirySecs, scope...)
 }
 
 func computeTokenSource(account string, earlyExpiry time.Duration, scope ...string) oauth2.TokenSource {