Open
Description
Right now there is a common TTL for every token introspection caching, e.g. 30 minutes. It makes applications really dependent on availability of Oauth2 server. If this becomes unavailable, application stops accepting any incoming requests until the Oauth2 server becomes available, even though the token may be valid for even couple of hours more!
Possible solutions:
- set TTL to token expiration time, but in the background process try regularly to check if token is valid
- if the token TTL is about to expire, and application request to validate it, try to call server to validate it, but if this fails with 500 trust the token introspection from cache