Use expires_in for access_token validation

2 files changed, 18 insertions, 1 deletions

diff --git a/lib/google_api/auth.rb b/lib/google_api/auth.rb
index 92787b87ac6..8c962af51d7 100644
--- a/lib/google_api/auth.rb
+++ b/lib/google_api/auth.rb
@@ -19,7 +19,8 @@ module GoogleApi
     end
 
     def get_token(code)
-      client.auth_code.get_token(code, redirect_uri: redirect_uri).token
+      ret = client.auth_code.get_token(code, redirect_uri: redirect_uri)
+      return ret.token, ret.expires_at
     end
 
     protected
diff --git a/lib/google_api/cloud_platform/client.rb b/lib/google_api/cloud_platform/client.rb
index a1abc5bf074..ec77e6bdd72 100644
--- a/lib/google_api/cloud_platform/client.rb
+++ b/lib/google_api/cloud_platform/client.rb
@@ -9,12 +9,28 @@ module GoogleApi
         def session_key_for_token
           :cloud_platform_access_token
         end
+
+        def session_key_for_expires_at
+          :cloud_platform_expires_at
+        end
       end
 
       def scope
         'https://www.googleapis.com/auth/cloud-platform'
       end
 
+      def validate_token(expires_at)
+        return false unless access_token
+        return false unless expires_at
+
+        # Making sure that the token will have been still alive during the cluster creation.
+        unless DateTime.strptime(expires_at, '%s').to_time > Time.now + 10.minutes
+          return false
+        end
+
+        true
+      end
+
       def projects_zones_clusters_get(project_id, zone, cluster_id)
         service = Google::Apis::ContainerV1::ContainerService.new
         service.authorization = access_token