Flaw in REST API Authentication

I'm running into a problem with authenticating via the rest API. I run a cron every 5 minutes and every so often I get a not authenticated error. I'm using this ruby client:

GitHub - raszi/mrkt: This gem provides some level of abstraction to Marketo REST APIs.

The problem is that the API includes expires_in in the response with how many seconds left the token has before it expires. Without an exact expiration time, doing something like "Time.now + expires_in" (mrkt/authentication.rb at master · raszi/mrkt · GitHub) is just an approximation.

Even with an explicit timestamp for expires_in though, there is still a possibility of this happening depending on server time accuracy (because my server may not be in sync with the API). This is one why we need a refresh endpoint, or at least a way to force a new token!!

Since I can't force a new token to be returned (AFAIK), I can only handle the error and retry a moment later.

The fact that I'm running the every 5 minutes creates a perfect scenario for this to happen. A new token is created during one run, and ~1hour later intermittently on the 12th run the problem occurs.

Monkey-patching the comparison (in the ruby gem) from "<" to "<=" has made the problem much less frequent, but of course hasn't entirely solved the problem.