damienburke opened a new issue, #22125: URL: https://github.com/apache/pulsar/issues/22125
### Search before asking - [X] I searched in the [issues](https://github.com/apache/pulsar/issues) and found nothing similar. ### Motivation The behaviour that the authenticationRefreshCheckSeconds config enables should be available for all auth types whose credentials can expire. This is the case for JWTs (and i think also OAuth). So one motivation is simply providing consistency / no surprises. And of course this feature would be very useful for mTLS. Furthermore, without it, kind of makes using mTLS unattractive - and we can have obviously have scenarios where an cert that was used to auth, becomes expired - but the auth'd connection can remain. for infinity! ### Solution There is an existing pattern for this, as implemented for [tokens](https://github.com/apache/pulsar/blob/bbc62245c5ddba1de4b1e7cee4ab49334bc36277/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProviderTls.java) (and OAuth). Solution is to reverse engineer / grok that pattern - and apply it ### Alternatives _No response_ ### Anything else? _No response_ ### Are you willing to submit a PR? - [X] I'm willing to submit a PR! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
