From 03ec1d3bf862f78761f12865881ad0921553d299 Mon Sep 17 00:00:00 2001
From: Dawid Trzebiatowski
Date: Wed, 21 Aug 2024 14:07:20 +0200
Subject: [PATCH] Enable caching of negative introspection responses
---
lib/resty/openidc.lua | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/lib/resty/openidc.lua b/lib/resty/openidc.lua
index 3ac7f20..21601df 100644
--- a/lib/resty/openidc.lua
+++ b/lib/resty/openidc.lua
@@ -1780,6 +1780,11 @@ function openidc.introspect(opts) if v then json = cjson.decode(v) + + if not json or not json.active then + err = "invalid cached token" + end + return json, err end
@@ -1810,20 +1815,15 @@ function openidc.introspect(opts) end json, err = openidc.call_token_endpoint(opts, introspection_endpoint, body, opts.introspection_endpoint_auth_method, "introspection") - if not json then return json, err end - if not json.active then - err = "invalid token" - return json, err - end - -- cache the results local introspection_cache_ignore = opts.introspection_cache_ignore or false local expiry_claim = opts.introspection_expiry_claim or "exp" + if not introspection_cache_ignore and json[expiry_claim] then local introspection_interval = opts.introspection_interval or 0 local ttl = json[expiry_claim]
@@ -1839,6 +1839,10 @@ function openidc.introspect(opts) set_cached_introspection(opts, access_token, cjson.encode(json), ttl) end + if not json.active then + err = "invalid token" + end + return json, err end
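Review bot: The cache-hit check `not json.active` in the first hunk rejects only nil and false, so a stored response whose `active` field decoded to the truthy `cjson.null`, or to a string such as "false", is returned without an error. Now that the cache also holds negative results, the check should fail closed on anything but a boolean true: `if type(json) ~= "table" or json.active ~= true then`. The last hunk uses the same comparison (`if not json.active then`) and needs the same change. The cached path also reports `"invalid cached token"` where the live path reports `"invalid token"`; if callers match on the string, one message for both is safer. openidc.introspect starts and ends outside this hunk.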
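Review bot: In the second hunk, inactive responses now reach the caching block, but it is still gated on `json[expiry_claim]`, and RFC 7662 lets a server answer an inactive token with `active: false` and nothing else, so against such servers no negative result is stored. Where the claim is present, the lifetime is taken from it and `opts.introspection_interval` defaults to 0, which appears to hold a negative verdict for the rest of the token's lifetime; a token that was inactive only because it was not yet valid would keep being rejected from cache. I would give inactive results their own short, bounded lifetime and state the rule above the block, e.g. `-- inactive results are cached too: only when the expiry claim is present, and never longer than a short negative TTL`. The TTL computation continues past the end of this hunk, so the interval handling is inferred rather than visible.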
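Review bot: In the third hunk, `set_cached_introspection(opts, access_token, cjson.encode(json), ttl)` can now run for a token that is inactive because it has already expired, where a lifetime derived from the expiry claim would be zero or negative; before this commit only active tokens got this far. Neither the TTL arithmetic nor set_cached_introspection is visible here, so whether a non-positive value is rejected cannot be confirmed from the page; if the cache is backed by ngx.shared.DICT, an expiry of 0 means the entry never expires. A guard at the call site makes the intent explicit: `if ttl > 0 then set_cached_introspection(opts, access_token, cjson.encode(json), ttl) end`. The enclosing `if` block opens outside this hunk.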