Currently Amdatu security has it's own expire time in the JWT. However, the accesstoken to the third party can also have an access time, and the idprovider's getUserIdentity() (which can return the accesstoken and refreshtoken), does not supply the expiry time.
It would be nice if this could be returned as well, since then it is known whether a new accesstoken needs to be requested for e.g. offline access.
When debugging, I noticed the following (see also the code below):
first the accesstoken is retrieved. This contains the expiry time and refresh token
The idToken is verified, and it's attributes are saved
All userinfo is added to those attributes
From these attributes only the wanted claims are kept (and are now called tokenAttrs)
the tokenAttributes get the providertype, accesstoken, and refreshtoken and are returned.
The idToken does not contain the expiry time, nor does the userinfo; hence the expiry time is not added to the response.
Additionally, the refreshToken() call could/should return the expiration time as well.
See the attached screenshot for an example response for the refresh token call to the Office365 OpenId provider:
Currently, only the new access token is stored, but the other information should be stored/returned as well.