Fix clock skew calculations (#158)

Previously, the clock skew adjusted in the wrong direction. It would cause us to consider credentials whose expiration time had already passed according to the system clock to still be sent to the server. This is the opposite of what we wanted to happen. This fixes it so that we report that credentials are expired slightly before the system clock thinks they've expired.
diff --git a/google/auth/credentials.py b/google/auth/credentials.py
index 6fb89d8..74d6788 100644
--- a/google/auth/credentials.py
+++ b/google/auth/credentials.py
@@ -56,10 +56,13 @@
         Note that credentials can be invalid but not expired becaue Credentials
         with :attr:`expiry` set to None is considered to never expire.
         """
-        # Err on the side of reporting expiration early so that we avoid
-        # the 403-refresh-retry loop.
-        adjusted_now = _helpers.utcnow() - _helpers.CLOCK_SKEW
-        return self.expiry is not None and self.expiry <= adjusted_now
+        if not self.expiry:
+            return False
+
+        # Remove 5 minutes from expiry to err on the side of reporting
+        # expiration early so that we avoid the 401-refresh-retry loop.
+        skewed_expiry = self.expiry - _helpers.CLOCK_SKEW
+        return _helpers.utcnow() >= skewed_expiry
 
     @property
     def valid(self):
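Review bot: The new guard `if not self.expiry:` tests truthiness, while the docstring above it and the removed line both define "never expires" as `expiry` being None; writing it as `if self.expiry is None:` keeps the check tied to that one documented case, so an unexpected falsy value cannot silently make a credential non-expiring. The added comment also hard-codes "5 minutes" although the code subtracts `_helpers.CLOCK_SKEW`; referring to the constant by name would keep the comment accurate if its value changes. Since the bug was a sign error in the skew, a test that pins the direction (a credential with `expiry` slightly less than `CLOCK_SKEW` in the future reports expired, one slightly more than `CLOCK_SKEW` in the future does not) would guard against regressing it; no such test is visible in this diff.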