IdentityModel / IdentityModel.AspNetCore.OAuth2Introspection

ASP.NET Core authentication handler for OAuth 2.0 token introspection
Apache License 2.0

Feature Request: Bust the cache #130

Closed ghstahl closed 3 years ago

ghstahl commented 3 years ago

The cache key is internal knowledge of this library.

$"{cacheKeyPrefix}{token.Sha256()}"

Example usage of the cache key:

public static async Task<IEnumerable<Claim>> GetClaimsAsync(this IDistributedCache cache, string cacheKeyPrefix, string token)
{
    var bytes = await cache.GetAsync($"{cacheKeyPrefix}{token.Sha256()}").ConfigureAwait(false);

    if (bytes == null)
    {
        return null;
    }

    var json = Encoding.UTF8.GetString(bytes);
    return JsonSerializer.Deserialize<IEnumerable<Claim>>(json, Options);
}

I can bust the cache myself, but that is only because I have this source code that shows me what the key is and is using IDistributedCache.

Should this library expose the ability to bust the cache by passing in the access_token?

leastprivilege commented 3 years ago

I don't think that this is the concern of an authentication handler - but please tell me what you want me to see as exposed data so someone can "officially" write an extension for it.

ghstahl commented 3 years ago

Hi Dom, I created a pull request for you to review.

In short, it introduces the following into OAuth2IntrospectionOptions:

/// <summary>
/// Specifies the method how to generate the cache key from the token
/// </summary>
public Func<OAuth2IntrospectionOptions, string, string> CacheKeyGenerator { get; set; } = CacheUtils.CacheKeyFromToken();

If I can rely on this library to use IDistributedCache and I have control over cacheKey generation, then I can bust the cache for any reason downstream.

leastprivilege commented 3 years ago

merged + pushed. Thanks!
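An added example, not code from this thread or from the library: one way a downstream service could evict a token's cached introspection result (for instance on logout or revocation) by calling the `CacheKeyGenerator` option discussed above. The class name `IntrospectionCacheEvictor` and its method are hypothetical, and the sketch assumes the handler and this helper resolve the same `IDistributedCache` from dependency injection.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using IdentityModel.AspNetCore.OAuth2Introspection;
using Microsoft.Extensions.Caching.Distributed;
using Microsoft.Extensions.Options;

// Hypothetical helper (not part of the library): removes the cached claims
// for one access token so the next request carrying that token is sent to
// the introspection endpoint again instead of being served from cache.
public sealed class IntrospectionCacheEvictor
{
    private readonly IDistributedCache _cache;
    private readonly IOptionsMonitor<OAuth2IntrospectionOptions> _options;

    public IntrospectionCacheEvictor(
        IDistributedCache cache,
        IOptionsMonitor<OAuth2IntrospectionOptions> options)
    {
        _cache = cache;
        _options = options;
    }

    // scheme: the authentication scheme name the introspection handler was
    // registered under; authentication handler options are named per scheme.
    public async Task EvictAsync(
        string scheme, string accessToken, CancellationToken ct = default)
    {
        if (string.IsNullOrWhiteSpace(accessToken))
        {
            throw new ArgumentException("Access token is required.", nameof(accessToken));
        }

        var options = _options.Get(scheme);

        // Ask the configured generator for the key rather than rebuilding
        // prefix + hash by hand, so a custom generator stays in sync.
        var key = options.CacheKeyGenerator(options, accessToken);

        // Removing a key that is not present is a no-op for IDistributedCache.
        await _cache.RemoveAsync(key, ct).ConfigureAwait(false);
    }
}
```

The raw access token is only passed to the generator here; it should not be written to logs alongside the eviction.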
