Only refreshing after the key is expired will cause us to sign tokens that might not validate for their entire lifetime.
The spirit was to have GetSigningCredentialsAsync call RefreshAsync even if there was no background job calling it -- so this change makes it call it at the same cadence/time we expect a background service to.
This hasn't been a problem in production for various reasons but it was for a specific use-case in the dev environment, but regardless it's a bug.
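The refresh-before-expiry behaviour described above, as an added C# sketch that is not the project's own code. Only the method names `GetSigningCredentialsAsync` and `RefreshAsync` come from the commit message; `SigningKey`, `SigningKeyStore`, the lifetimes and the refresh threshold (key expiry minus the longest token lifetime) are assumptions.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;

// Constructed scenario: a 24h key and 1h tokens, with a clock the example advances by hand.
var clock = DateTimeOffset.UnixEpoch;
var store = new SigningKeyStore(() => clock, TimeSpan.FromHours(1), TimeSpan.FromHours(24));
var k1 = await store.GetSigningCredentialsAsync();
clock = clock.AddHours(23.5); // key not yet expired, but a 1h token signed now would outlive it
var k2 = await store.GetSigningCredentialsAsync();
Console.WriteLine($"{k1.KeyId} (until {k1.NotAfter:u}) -> {k2.KeyId} (until {k2.NotAfter:u})");

// Hypothetical types for illustration (assumptions, not the project's API).
public sealed record SigningKey(string KeyId, DateTimeOffset NotAfter);

public sealed class SigningKeyStore
{
    private readonly Func<DateTimeOffset> _now;
    private readonly TimeSpan _tokenLifetime; // assumed: longest lifetime of any token we sign
    private readonly TimeSpan _keyLifetime;   // assumed: validity period of each new key
    private readonly SemaphoreSlim _gate = new(1, 1);
    private SigningKey? _current;
    private int _serial;

    public SigningKeyStore(Func<DateTimeOffset> now, TimeSpan tokenLifetime, TimeSpan keyLifetime)
        => (_now, _tokenLifetime, _keyLifetime) = (now, tokenLifetime, keyLifetime);

    // Due as soon as a token signed now would outlive the key, not only once the key has expired.
    private bool RefreshDue(DateTimeOffset now)
        => _current is null || now + _tokenLifetime > _current.NotAfter;

    public async Task RefreshAsync()
    {
        await _gate.WaitAsync();
        try
        {
            var now = _now();
            if (RefreshDue(now)) // re-check under the lock so concurrent callers rotate once
                _current = new SigningKey($"key-{++_serial}", now + _keyLifetime);
        }
        finally { _gate.Release(); }
    }

    public async Task<SigningKey> GetSigningCredentialsAsync()
    {
        if (RefreshDue(_now())) await RefreshAsync(); // same check a background job would run
        return _current!;
    }
}
```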