Expose Authentication time in token response

[vbjay]

See DuendeArchive/IdentityModel.OidcClient#277.

The TokenResponse should expose the auth_time value.

[leastprivilege]

I disagree. auth_time is a claim. TokenResponse models an OAuth token response. This is a protocol libary.

[vbjay]

Ok. Makes sense. So instead just fix the expires in type and update the oidc client to get the claim?

[vbjay]

I just think if you allow for expires_in, that auth_time should be included also.

[vbjay]

I just added a fixup commit that makes it nullable. d411689

[leastprivilege]

I just think if you allow for expires_in, that auth_time should be included also.

a) expires_in is about the access token (OAuth), auth_time is the time of the user authentication (OIDC)
b) expires_in is a official specified response parameter in OAuth, auth_time is a claim in the ID token (this library would first need to validate the token before it can use values from it).

https://tools.ietf.org/html/rfc6749#section-4.1.4

[vbjay]

I see. I'll move it to oidcclient. Thanks.

[vbjay]

I'll adjust the pull request to just do the epires_in fix.

[vbjay]

Ok. Expires_in isn't the same as the identity token's expires_in. I'll rework in oidc client.

[github-actions]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue.