leastprivilege
commented
2 years ago Yes - this is because someone could revoke the token before its expiration time. That's the whole point of using reference tokens.
Closed nanthakumar2007 closed 2 years ago
leastprivilege
commented
2 years ago Yes - this is because someone could revoke the token before its expiration time. That's the whole point of using reference tokens.
github-actions[bot]
commented
2 years ago This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue.
Below code having issue it's not considering actual token exp and its always considering with default cacheduration property value My token exp value is 20 mins but every 5 mins its requesting and verify with introspection endpoint due to below code.
public TimeSpan CacheDuration { get; set; } = TimeSpan.FromMinutes(5);
// if the lifetime of the token is shorter than the duration, use the remaining token lifetime DateTimeOffset absoluteLifetime; if (expiration <= now.Add(duration)) { absoluteLifetime = expiration; } else { absoluteLifetime = now.Add(duration); }
Could you please support user should use either exp (claim) or cacheduration property. currently system is forcing to set cacheduration