madecoste / swarming

Automatically exported from code.google.com/p/swarming
Apache License 2.0

Improve /auth/api/v1/accounts/self/xsrf_token to include expiration timestamp #142

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
XSRFHandler only returns the token, with no details about the expected renewal 
time. It's not a big deal for short-lived processes that live under the 
validity period of the token, but it's a serious client management issue for 
longer-lived processes.

Code:
https://code.google.com/p/swarming/source/browse/services/components/components/auth/ui/rest_api.py#75

Proposal:
Expose XSRFToken.expiration_sec and version in
https://code.google.com/p/swarming/source/browse/services/components/components/auth/handler.py#53
in the reply to Improve /auth/api/v1/accounts/self/xsrf_token.

This way the client can be smart and preemptively refresh the token when it's 
near its expiration time.

Right now the client XsrfRemote is dumb;
https://code.google.com/p/swarming/source/browse/services/swarming/swarm_bot/url_helper.py
and it hurts performance. It's being used in the new bot code.

Another possible solution is to improve all the JSON APIs to have a clear reply 
when the XSRF needs to be updated so the client can act accordingly, without 
the client having to keep track of the expiration time. The problem with this 
approach is that when multiple concurrent HTTP connections all hit this 
condition concurrently, it'll have a higher performance impact than if the 
client manages token lifetime itself.

Other ideas are welcome.

Original issue reported on code.google.com by maruel@chromium.org on 15 Aug 2014 at 2:45
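
Added example (not part of the original issue and not the swarming project's code): a client-side cache that uses an `expiration_sec` value in the token reply to refresh preemptively, and serializes the refresh so concurrent callers trigger only one request. The `fetch` callable, the `xsrf_token` reply key, the 300-second margin and the reading of `expiration_sec` as a lifetime in seconds are assumptions.

```python
import threading
import time


class XsrfTokenCache:
    """Caches an XSRF token and renews it before the server would reject it."""

    def __init__(self, fetch, refresh_margin_sec=300, clock=time.time):
        # fetch is a hypothetical callable that performs the HTTP request and
        # returns {'xsrf_token': str, 'expiration_sec': number}. Assumption:
        # expiration_sec is the token lifetime in seconds from issuance.
        self._fetch = fetch
        self._margin = refresh_margin_sec
        self._clock = clock
        self._lock = threading.Lock()
        self._token = None
        self._refresh_at = 0.0

    def get(self):
        """Returns a cached token, fetching a new one when near expiration."""
        # One lock around check and fetch: concurrent callers that all see a
        # stale token wait for a single refresh instead of each issuing one.
        with self._lock:
            if self._token is None or self._clock() >= self._refresh_at:
                self._refresh_locked()
            return self._token

    def invalidate(self, rejected_token):
        """Drops the token after a server rejection, unless already replaced."""
        with self._lock:
            if self._token == rejected_token:
                self._token = None

    def _refresh_locked(self):
        # Timestamp taken before the request so network latency shortens,
        # never lengthens, the locally assumed lifetime.
        requested_at = self._clock()
        reply = self._fetch()
        lifetime = float(reply['expiration_sec'])
        if lifetime <= 0:
            raise ValueError('non-positive token lifetime: %r' % lifetime)
        # Cap the margin at half the lifetime so a short-lived token does not
        # trigger a refresh on every call.
        margin = min(self._margin, lifetime / 2.0)
        self._token = reply['xsrf_token']
        self._refresh_at = requested_at + lifetime - margin
```

`invalidate()` covers the case where the server rejects a token earlier than expected; passing the rejected value keeps a late caller from discarding a token that another thread has already renewed.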

GoogleCodeExporter commented 9 years ago
Note that isolate server uses another endpoint to generate xsrf token: 
https://code.google.com/p/swarming/source/browse/services/isolate/handlers_frontend.py#206

Original comment by vadimsh@chromium.org on 15 Aug 2014 at 5:48

GoogleCodeExporter commented 9 years ago
Moving to endpoints.

Original comment by maruel@chromium.org on 25 Feb 2015 at 2:27