IdentityModel / IdentityModel.AspNetCore.OAuth2Introspection

ASP.NET Core authentication handler for OAuth 2.0 token introspection
Apache License 2.0
147 stars 66 forks

Allow clients to control how the cache key is generated from a token. #131

Closed ghstahl closed 3 years ago

leastprivilege commented 3 years ago

Should we have tests for that?

ghstahl commented 3 years ago

It depends;

  1. The library never had tests for itself around generating the key: $"{options.CacheKeyPrefix}{token.Sha256()}". No, it's status quo here.

  2. If we want to start enforcing key length because of the OAuth2IntrospectionOptions.CacheKeyPrefix, then yes. We add a runtime check that needs a test.

The only 2 problems I see are a key length that runs afoul of the backing cache and a user's bad key generation algorithm which causes collisions.
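
The two failure modes named in the comment above, shown as an added example that is not part of the thread or of the library's code. `CacheKeySketch`, `FromToken`, `WeakFromToken`, the 250-byte limit and the sample tokens are hypothetical or constructed, and Base64 encoding of the digest is an assumption.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper for illustration; not the library's implementation.
public static class CacheKeySketch
{
    // Assumed backend limit (memcached, for one, rejects keys over 250 bytes).
    public const int MaxKeyBytes = 250;

    // Prefix + SHA-256 over the whole token, with a runtime length check.
    public static string FromToken(string prefix, string token)
    {
        if (string.IsNullOrEmpty(token))
            throw new ArgumentException("Token is required.", nameof(token));

        using var sha = SHA256.Create();
        var digest = sha.ComputeHash(Encoding.UTF8.GetBytes(token));
        var key = (prefix ?? string.Empty) + Convert.ToBase64String(digest);

        // The digest has a fixed length, so only the prefix can push the key over the limit.
        if (Encoding.UTF8.GetByteCount(key) > MaxKeyBytes)
            throw new InvalidOperationException(
                $"Cache key is longer than {MaxKeyBytes} bytes; shorten the prefix.");
        return key;
    }

    // Weak generator: keys on the first 16 characters only, so tokens that
    // share a leading segment (such as an identical JWT header) get the same key.
    public static string WeakFromToken(string prefix, string token)
        => prefix + token.Substring(0, Math.Min(16, token.Length));

    public static void Main()
    {
        // Constructed sample tokens: same header segment, different payloads.
        var header = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9";
        var tokenA = header + ".constructed-payload-alice.sig-a";
        var tokenB = header + ".constructed-payload-bob.sig-b";

        // Compare the keys each generator produces for the two tokens.
        Console.WriteLine(WeakFromToken("introspection:", tokenA) == WeakFromToken("introspection:", tokenB));
        Console.WriteLine(FromToken("introspection:", tokenA) == FromToken("introspection:", tokenB));

        // An oversized prefix is rejected before it reaches the cache.
        try { FromToken(new string('p', 300), tokenA); }
        catch (InvalidOperationException ex) { Console.WriteLine(ex.Message); }
    }
}
```

A collision here means the cached introspection result for one token is returned for a different token, so any custom generator should key on the full token value.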

github-actions[bot] commented 2 years ago

This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue.