Re: [OAuth2] Infrastructure for tracking token expiry time

From: Ajit Awekar <ajitpostgres(at)gmail(dot)com>
To: VASUKI M <vasukianand0119(at)gmail(dot)com>
Cc: Zsolt Parragi <zsolt(dot)parragi(at)percona(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: [OAuth2] Infrastructure for tracking token expiry time
Date: 2026-02-18 08:38:32
Message-ID: CAER375Mtf-7LcR1zNks67k57r3b5yTy9sHxRQ78Y1+xmTVncMw@mail.gmail.com
Lists: pgsql-hackers

Hi Vasuki, Zsolt

Thanks a lot for your review comments and reply. I have updated the patch,
and below is a summary of the changes:

1. Adding a check_oauth_expiry() function called during command
execution to verify token validity
2. Terminating sessions with expired/revoked tokens before executing new
commands.
3. Supporting callback-based revocation checks

I have added a unit test case to validate that sessions are properly
terminated when their OAuth tokens expire.

Request a review.

Thanks & Best Regards,
Ajit

On Tue, 17 Feb 2026 at 16:17, VASUKI M <vasukianand0119(at)gmail(dot)com> wrote:

> Hi All,
>
> I see the concern about keeping the validator API generic and not
> implicitly favoring JWT-style providers.
> The callback-based approach does seem more flexible, especially for opaque
> tokens or providers supporting revocation, where validity cannot be
> represented as a fixed timestamp.
> Perhaps one possible direction could be to support both:
>
> An optional expiry timestamp for simple/static cases.
>
> An optional callback (e.g., expired_cb) for dynamic validation.
>
> This would allow JWT-based validators to remain lightweight while enabling
> more complex providers to implement custom revalidation logic.
> If enforcement is planned at statement start, integrating the callback
> mechanism in the same patch might also clarify the intended semantics.
>
> Best regards,
> Vasuki M
> C-DAC, Chennai
>

Attachment Content-Type Size
password_expiry_oauth_V2.patch application/octet-stream 13.8 KB
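
The two optional mechanisms discussed in this thread (a fixed expiry timestamp and a validity callback, both consulted before a new command runs) can be sketched as follows. This is an added example, not code from the attached patch or from PostgreSQL; every type and function name in it is hypothetical, and the revocation flag is constructed sample state.

```c
#include <stdbool.h>
#include <stddef.h>
#include <time.h>

/* Hypothetical names throughout: not PostgreSQL's validator API or the patch. */
typedef enum {
    TOKEN_VALID,
    TOKEN_EXPIRED_BY_TIMESTAMP,
    TOKEN_REJECTED_BY_CALLBACK
} token_status;

/* Returns true when the provider says the token is no longer valid. */
typedef bool (*expired_cb_fn)(void *state);

typedef struct {
    time_t        expires_at;  /* 0 = validator supplied no fixed expiry */
    expired_cb_fn expired_cb;  /* NULL = validator supplied no dynamic check */
    void         *cb_state;    /* opaque state handed back to the callback */
} session_token;

/* Intended to be called once before each new command is executed. */
token_status check_token_at_statement_start(const session_token *tok, time_t now)
{
    /* Static check first: no provider round trip; expired at expires_at itself. */
    if (tok->expires_at != 0 && now >= tok->expires_at)
        return TOKEN_EXPIRED_BY_TIMESTAMP;

    /* Dynamic check: covers opaque tokens and revocation. */
    if (tok->expired_cb != NULL && tok->expired_cb(tok->cb_state))
        return TOKEN_REJECTED_BY_CALLBACK;

    /* Neither mechanism supplied, or both passed: the session continues. */
    return TOKEN_VALID;
}

/* Constructed sample callback: reads a revocation flag owned by the caller. */
static bool sample_revoked_cb(void *state) { return *(bool *) state; }

int main(void)
{
    bool revoked = true;  /* constructed: provider has revoked the token */
    session_token tok = { .expires_at = 0, .expired_cb = sample_revoked_cb,
                          .cb_state = &revoked };
    /* A nonzero result means the session would be terminated. */
    return check_token_at_statement_start(&tok, time(NULL)) == TOKEN_VALID ? 0 : 1;
}
```

When both mechanisms are set, the timestamp is evaluated first, so a callback that is expensive to run is skipped for tokens already past their expiry.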
