Hi all,
Am I correct to assume that authenticated sessions, established using the OIDC RP auth mechanism from the WebSEAL RP, do not ever check the access_token or id_token for expiration? Right now it seems that regardless of how i set the access token lifetime (or auth grant time when refresh tokens is used), the session credential does not change at all.
I am asking as we have a case where identity claims may be updated in midst of a session, ideally a new id_token would be fetched from the token endpoint (and resulting also in a credential refresh) from within the WebSEAL proxy.
Thanks in advance
- Abdel