There is no way to know when a given token will expire. Supplying the username and password currently does not solve this problem because my design goal was not to save the username/password anywhere. I am rethinking that strategy right now as asking a user to regenerating/relink on Google Assistant is very painful as compared to the process on Amazon Alexa.
Do people reading this have an opinion on whether they would prefer to have this app store username/password and autogenerate tokens when they expire?
When giving the access token, why not optionally ask for the refresh token in addition, and when the access token fails, try refreshing? (or also ask for the "created_at" and "expires_in" fields too so you can check if you need to refresh before making any requests)