Issue with adding Request Cancelation Token to Introspection Request

[bmendonca21]

With the lazy introspection call being shared by potentially multiple client requests, adding the request cancellation token to the introspection request is problematic. In effect, if the request that wins the contest to add its introspection call gets canceled by the client, subsequent requests that are reusing that call will have their introspection call get canceled as well which is not a desired behavior. Please consider removing the request cancellation token on the introspection request or stop sharing introspection requests across multiple client requests.

[gao-artur]

I believe you are talking about this change https://github.com/IdentityModel/IdentityModel.AspNetCore.OAuth2Introspection/pull/173. If so, that may explain all the TaskCanceledException's we observe after upgrading from 6.0.0 to 6.2.0. The part that made me crazy was that HttpContext.RequestAborted.IsCancellationRequested is false most of the time. With your explanation, all that makes sense now.

[leastprivilege]

Hi,

thanks. We will look into it.

[rasmus-s]

We had also seen this issue (where we got (A task was canceled-exceptions) and the HttpContext.RequestAborted.IsCancellationRequested was false).

We include the IdentityModel.AspNetCore.OAuth2Introspection project as source code from tag: 6.2.0 into our solution and only changes we made was to bump the IdentityModel-nuget package from 6.0.0 -> 6.1.0.

Then it all worked as it should and we stop getting the a task was canceled-exceptions from introspection request.
Hope it helps others