Enable caching of negative introspection responses

Author: boscard

lib/resty/openidc.lua

@@ -1780,6 +1780,11 @@ function openidc.introspect(opts)
 
   if v then
     json = cjson.decode(v)
+
+    if not json or not json.active then
+        err = "invalid cached token"
+    end
+
     return json, err
   end
 
@@ -1810,20 +1815,15 @@ function openidc.introspect(opts)
   end
   json, err = openidc.call_token_endpoint(opts, introspection_endpoint, body, opts.introspection_endpoint_auth_method, "introspection")
 
-
   if not json then
     return json, err
   end
 
-  if not json.active then
-    err = "invalid token"
-    return json, err
-  end
-
   -- cache the results
   local introspection_cache_ignore = opts.introspection_cache_ignore or false
   local expiry_claim = opts.introspection_expiry_claim or "exp"
 
+
   if not introspection_cache_ignore and json[expiry_claim] then
     local introspection_interval = opts.introspection_interval or 0
     local ttl = json[expiry_claim]
@@ -1839,6 +1839,10 @@ function openidc.introspect(opts)
     set_cached_introspection(opts, access_token, cjson.encode(json), ttl)
   end
 
+  if not json.active then
+    err = "invalid token"
+  end
+
   return json, err
 
 end