Hi All,
I am using oauth-auth in order to give mobile users access to protected resources.
I noticed in the logs that the token is validated against the introspect endpoint for every request.
The introspect endpoint is outside of my organisation.
I wanted to speed things up. So I've enabled the following config setting:
[session]
max-entries = 4096
timeout = 900
inactive-timeout = 900
[session-http-headers]
Authorization = https
I expected the token validation to take place once per 900 secs, but still the token is validated against the introspect endpoint for every request.
And yes, the device is sending the same token.
Can someone point me into the right direction?
Regards,
Paul van den Brink
------------------------------
Paul van den Brink
------------------------------