internal/cueconfig: note the difference between token expiry fields

The JSON expiry field is an absolute timestamp used at rest,
and the JSON expires_in field is a relative duration in seconds
declared by the RFC and used in the wire format.

Signed-off-by: Daniel Martí <[email protected]>
Change-Id: Ib2246b309c8595d435cdb979a057f244af3788b1
Reviewed-on: https://review.gerrithub.io/c/cue-lang/cue/+/1202038
Unity-Result: CUE porcuepine <[email protected]>
TryBot-Result: CUEcueckoo <[email protected]>
Reviewed-by: Roger Peppe <[email protected]>

Author: mvdan

internal/cueconfig/config.go

@@ -31,6 +31,10 @@ type RegistryLogin struct {
 	// These fields mirror [oauth2.Token].
 	// We don't directly reference the type so we can be in control of our file format.
 	// Note that Expiry is a pointer, so omitempty can work as intended.
+	// TODO(mvdan): drop the pointer once we can use json's omitzero: https://go.dev/issue/45669
+	// Note that we store Expiry at rest as an absolute timestamp in UTC,
+	// rather than the ExpiresIn field following the RFC's wire format,
+	// a duration in seconds relative to the current time which is not useful at rest.
 
 	AccessToken string `json:"access_token"`