Hi Hackers,

Currently, during OAuth2 authentication, the ValidatorModuleResult structure allows a validator (extension) to return the authentication status and the authn_id. However, we ignore the token expiry time (exp claim).

Once a token is validated, the backend has no record of when that token actually expires. A session can remain open indefinitely even if the underlying access token has expired shortly after the connection was established.

This patch adds the infrastructure to capture and store this expiration timestamp within the backend session state. It does not implement an enforcement policy (such as auto-termination).

Request a review.

Thanks & Best Regards,
Ajit
password_expiry_oauth.diff
