Hi Vasuki, Zsolt Thanks a lot for your review comments and reply.I have updated the patch and below is summary of changes
1. Adding a check_oauth_expiry() function called during command execution to verify token validity 2. Terminating sessions with expired/revoked tokens before executing new commands. 3. Supporting callback-based revocation checks I have added a unit test case to validate that sessions are properly terminated when their OAuth tokens expire. Request a review. Thanks & Best Regards, Ajit On Tue, 17 Feb 2026 at 16:17, VASUKI M <[email protected]> wrote: > Hi All, > > I see the concern about keeping the validator API generic and not > implicitly favoring JWT-style providers. > The callback-based approach does seem more flexible, especially for opaque > tokens or providers supporting revocation, where validity cannot be > represented as a fixed timestamp. > Perhaps one possible direction could be to support both: > > An optional expiry timestamp for simple/static cases. > > An optional callback (e.g., expired_cb) for dynamic validation. > > This would allow JWT-based validators to remain lightweight while enabling > more complex providers to implement custom revalidation logic. > If enforcement is planned at statement start, integrating the callback > mechanism in the same patch might also clarify the intended semantics. > > Best regards, > Vasuki M > C-DAC,Chennai >
password_expiry_oauth_V2.patch
Description: Binary data
