From 773f7632e1b3f1843ceac60a9d041f7b2b0ca8ab Mon Sep 17 00:00:00 2001
From: Dawid Trzebiatowski
Date: Wed, 21 Aug 2024 14:07:20 +0200
Subject: [PATCH] Enable caching of negative introspection responses
---
 lib/resty/openidc.lua | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/lib/resty/openidc.lua b/lib/resty/openidc.lua
index e7b8872..4b0800b 100644
--- a/lib/resty/openidc.lua
+++ b/lib/resty/openidc.lua
@@ -1720,6 +1720,11 @@ function openidc.introspect(opts)
 if v then
 json = cjson.decode(v)
+
+ if not json or not json.active then
+ err = "invalid cached token"
+ end
+
 return json, err
 end
@@ -1750,20 +1755,15 @@ function openidc.introspect(opts)
 end
 json, err = openidc.call_token_endpoint(opts, introspection_endpoint, body, opts.introspection_endpoint_auth_method, "introspection")
-
 if not json then
 return json, err
 end
- if not json.active then
- err = "invalid token"
- return json, err
- end
-
 -- cache the results
 local introspection_cache_ignore = opts.introspection_cache_ignore or false
 local expiry_claim = opts.introspection_expiry_claim or "exp"
+
 if not introspection_cache_ignore and json[expiry_claim] then
 local introspection_interval = opts.introspection_interval or 0
 local ttl = json[expiry_claim]
@@ -1779,6 +1779,10 @@ function openidc.introspect(opts)
 set_cached_introspection(opts, access_token, cjson.encode(json), ttl)
 end
+ if not json.active then
+ err = "invalid token"
+ end
+
 return json, err
 end
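Review bot: The `not json` half of the added guard on the cache-hit path does not protect against a bad cache entry, because `cjson.decode` raises on malformed input instead of returning nil, and a stored `null` decodes to the truthy `cjson.null`, so the `json.active` lookup is where a bad entry would most likely fail. If a corrupt entry should be treated as a cache miss, decode with the `cjson.safe` variant and test the type, e.g. `if type(json) ~= "table" or not json.active then`. The message here is `"invalid cached token"` while the uncached path returns `"invalid token"`, so callers that compare the text will behave differently depending on cache state; a comment saying that `json` is returned together with `err` for inactive tokens would make the contract explicit. The body of `openidc.introspect` starts and ends outside this hunk.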
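Review bot: Moving the `json.active` check below the cache write does not by itself make negative responses cacheable, because the write is still gated on the expiry claim in `if not introspection_cache_ignore and json[expiry_claim] then`. RFC 7662 recommends that an inactive response carry nothing beyond `active: false`, so with the default `"exp"` claim such responses will usually skip the cache and every retry of a rejected token still reaches the introspection endpoint. Where an inactive response does include `exp`, the value is probably already in the past, and the TTL arithmetic between this hunk and the next (not visible here) should be checked for zero or negative results. Consider giving inactive responses their own short, bounded TTL rather than deriving it from the token's expiry claim, and say so in the `-- cache the results` comment.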
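Review bot: With the cache write now ahead of the `json.active` check, cache entries are created for tokens the server has rejected, and the key for those entries comes from the client-supplied `access_token`. Depending on how the introspection cache evicts, a large number of distinct invalid tokens can occupy it and displace entries for valid tokens, which pushes load back onto the introspection endpoint; capping the lifetime of negative entries or keeping them in a separate, smaller store limits that. A comment above the new block would also help, for example `-- inactive responses are cached as well; err is still set so callers must reject the token`, since the function returns a non-nil `json` in that case. The start of the caching block and the TTL computation lie outside this hunk.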