[SDK/client] Fixes authentication refreshing mechanism

[numerology]

Fixes #3630

Synced with @chensun , we only need this refresh for inverse proxy style authentication because gcloud auth print-access-token has a 1 hour TTL while in _get_auth_token() we're using refresh token, which does not have such limit.

[kubeflow-bot]

This change is 

[numerology]

/assign @chensun
/assign @Bobgy
/assign @IronPan
/assign @Ark-kun

[Ark-kun]

Thank you for fixing the issue.
/lgtm
BTW, can the same approach also be used to fix #2625 ?

[numerology]

Thank you for fixing the issue.
/lgtm
BTW, can the same approach also be used to fix #2625 ?

Thanks! Actually I think #2625 is fixed by #2626 IIUC, where refresh token is introduced.

I am under the impression that refresh token should not have 1 hour TTL. @chensun can correct me if I am wrong.

However if a user provide an existing token to the client I think they'll need to take care of the refreshing themselves.

[numerology]

Did some manual validation at https://2ce65529ad19b245-dot-us-central2.pipelines.googleusercontent.com/#/runs/details/56535ae7-561d-4fee-8149-4f3267340d57

Seems working

[numerology]

/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: numerology

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• sdk/OWNERS [numerology]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment