From 3419b42955675df23457629c75f58eb8dcd56954 Mon Sep 17 00:00:00 2001
From: dfawley <dfawley@google.com>
Date: Tue, 16 May 2017 12:37:36 -0700
Subject: [PATCH] Reuse Token for serviceAccount credentials (#1238)

---
 credentials/oauth/oauth.go | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/credentials/oauth/oauth.go b/credentials/oauth/oauth.go
index 25393cc6..126bc784 100644
--- a/credentials/oauth/oauth.go
+++ b/credentials/oauth/oauth.go
@@ -37,6 +37,7 @@ package oauth
 import (
 	"fmt"
 	"io/ioutil"
+	"sync"
 
 	"golang.org/x/net/context"
 	"golang.org/x/oauth2"
@@ -132,20 +133,27 @@ func NewComputeEngine() credentials.PerRPCCredentials {
 
 // serviceAccount represents PerRPCCredentials via JWT signing key.
 type serviceAccount struct {
+	mu     sync.Mutex
 	config *jwt.Config
+	t      *oauth2.Token
 }
 
-func (s serviceAccount) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) {
-	token, err := s.config.TokenSource(ctx).Token()
-	if err != nil {
-		return nil, err
+func (s *serviceAccount) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	if !s.t.Valid() {
+		var err error
+		s.t, err = s.config.TokenSource(ctx).Token()
+		if err != nil {
+			return nil, err
+		}
 	}
 	return map[string]string{
-		"authorization": token.TokenType + " " + token.AccessToken,
+		"authorization": s.t.TokenType + " " + s.t.AccessToken,
 	}, nil
 }
 
-func (s serviceAccount) RequireTransportSecurity() bool {
+func (s *serviceAccount) RequireTransportSecurity() bool {
 	return true
 }
 
@@ -156,7 +164,7 @@ func NewServiceAccountFromKey(jsonKey []byte, scope ...string) (credentials.PerR
 	if err != nil {
 		return nil, err
 	}
-	return serviceAccount{config: config}, nil
+	return &serviceAccount{config: config}, nil
 }
 
 // NewServiceAccountFromFile constructs the PerRPCCredentials using the JSON key file