On our endpoint, we get an OIDC token and a refresh token. When the OIDC token has expired, we want to refresh the token using the provided refresh token. Currently, except for disabling all default validators, I see no way to only exclude expiry validation.
Is it possible in Jose4j?
Only exclude expiry validation? Or only include expiry validation?
Setting up the JWT Consumer like this will basically only do expiry validation.
JwtConsumer consumer = new JwtConsumerBuilder()
.setDisableRequireSignature()
.setSkipSignatureVerification()
.setSkipDefaultAudienceValidation()
.setRequireExpirationTime()
.build();
To effectively exclude expiry validation you could use something like .setAllowedClockSkewInSeconds(2000000000) on a JwtConsumerBuilder