Description:
The PersistedAccessTokenCache.GetValidToken method currently checks the JWT token for expiration. However, there is a zero-tolerance window between this check, which causes issues in scenarios where the token becomes invalid for a short duration before the calculated expiration time.
To Reproduce:
1. Obtain a JWT token.
2. Wait for the token to approach its expiration time.
3. Attempt to use the token within the short duration before its calculated expiration time, approximately 300ms.
4. Observe that the token is not valid.
Expected behavior:
The PersistedAccessTokenCache.GetValidToken method should consider a token invalid if it is used within a reasonable tolerance window before its calculated expiration time, allowing for minor delays in token retrieval and usage.
Additional context:
This issue affects applications where the token provider's response time causes a slight delay in token retrieval, leading to a brief period where the token is incorrectly deemed valid.
The token lifetime duration is different depending on the issuer (identity service) settings (it can be seconds, hours or days). Instead of using a constant value, consider using a configuration setting or calculating it as a percentage of the token lifetime length.
Pros and cons:
Using configuration settings for the expiration "window" will make it more visible for the developer. A default value can be used if it is not set in the settings (for backwards compatibility - zero?).
The percentage calculation is more flexible, but can introduce additional complexity and unknown behaviour for developers using the library.
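The two options discussed in this thread (a configured window and a percentage of the token lifetime), as an added example that is not part of the issue and not the library's code. It is written in Python as a neutral sketch; all function names are hypothetical, and capping a fixed window at half the lifetime is an assumption made here so that short-lived tokens stay usable.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_jwt(iat: int, exp: int) -> str:
    """Constructed sample token with a placeholder signature; only claims matter."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"iat": iat, "exp": exp}).encode())
    return f"{header}.{payload}.{_b64url(b'constructed-signature')}"


def read_claims(token: str) -> dict:
    """Decode the payload segment. No signature check: the cache only decides
    whether to reuse a token it stored itself; the receiving API verifies it."""
    segment = token.split(".")[1]
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def refresh_window(claims: dict, fixed_seconds: float = 0.0, fraction=None) -> float:
    """Seconds before `exp` at which the cached token stops being handed out."""
    lifetime = claims["exp"] - claims["iat"] if "iat" in claims else None
    if fraction is not None and lifetime is not None:
        return max(0.0, lifetime * fraction)
    if lifetime is not None:
        # Assumed safeguard: a fixed window longer than the token lifetime
        # would make the token unusable from the moment it is issued.
        return min(fixed_seconds, lifetime / 2)
    return fixed_seconds


def is_usable(token: str, now: float, fixed_seconds: float = 0.0, fraction=None) -> bool:
    """True if the cached token may still be returned at time `now` (epoch seconds)."""
    claims = read_claims(token)
    return now < claims["exp"] - refresh_window(claims, fixed_seconds, fraction)
```

With the default `fixed_seconds=0.0` the check matches the zero-tolerance behaviour the issue describes, so existing callers see no change until a window is configured.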