I propose that we add expiration methods to the SecurityToken interface. This is necessary for future OAuth2 compatibility. Here's the proposed interface:
/** * @return the UTC timestamp (in milliseconds) that this token expires or null if unknown or indeterminate */ Long getExpiresAt(); /** * @return true if the token is no longer valid */ boolean isExpired();
