An exception from LoadClaimsForToken via AsyncLazy value is persisted at IntrospectionDictionary #237
Description
Affected component
Other
Version
6.3
Describe the bug
The IntrospectionDictionary is a static dictionary storing AsyncLazy values. In case the LoadClaimsForToken throw an exception, the exception is persisted in IntrospectionDictionary instead of retry to get real value.
Discovered by: I have discovered at scenario when LoadClaimsForToken request has timed-out and all the subsequent API calls were broken (immediately returning same timeout) and I have to restart whole process (App Service).
Lazy<Task<TokenIntrospectionResponse>> GetTokenIntrospectionResponseLazy(string _)
{
return new Lazy<Task<TokenIntrospectionResponse>>(async () => await LoadClaimsForToken(token, Context, Scheme, Events, Options));
}
var response = await IntrospectionDictionary
.GetOrAdd(token, GetTokenIntrospectionResponseLazy)
.Value;
Steps to reproduce
This might be hard to forcible reproduce this but it has happened in my environment.
Expected behavior
In case the exception happens, the dictionary value should be updated with new instance and retried.
Additional context
I have discovered by using deprecated library and originally reported also at deprecated repository. However looking at code at this repository, the problem is still present.
[https://github.com/DuendeArchive/IdentityModel.AspNetCore.OAuth2Introspection/issues/195#issuecomment-3253018019]