IdentityModel.AspNetCore.OAuth2Introspection
Aborting an HTTP request can also fail other parallel HTTP requests
This code deduplicates the call to the introspection endpoint for the same token:
```csharp
// no cached result - let's make a network roundtrip to the introspection endpoint
// this code block tries to make sure that we only do a single roundtrip, even when multiple requests
// with the same token come in at the same time
try
{
    Lazy<Task<TokenIntrospectionResponse>> GetTokenIntrospectionResponseLazy(string _)
    {
        return new Lazy<Task<TokenIntrospectionResponse>>(async () => await LoadClaimsForToken(token, Context, Scheme, Events, Options));
    }

    var response = await IntrospectionDictionary
        .GetOrAdd(token, GetTokenIntrospectionResponseLazy)
        .Value;
```
But this function:
```csharp
private static async Task<TokenIntrospectionResponse> LoadClaimsForToken(
    string token,
    HttpContext context,
    AuthenticationScheme scheme,
    OAuth2IntrospectionEvents events,
    OAuth2IntrospectionOptions options)
{
    var introspectionClient = await options.IntrospectionClient.Value.ConfigureAwait(false);
    using var request = CreateTokenIntrospectionRequest(token, context, scheme, events, options);

    var requestSendingContext = new SendingRequestContext(context, scheme, options)
    {
        TokenIntrospectionRequest = request,
    };

    await events.SendingRequest(requestSendingContext);

    return await introspectionClient.IntrospectTokenAsync(request, context.RequestAborted).ConfigureAwait(false);
}
```
uses the `context.RequestAborted` from the first request. If this first request is aborted, then the result for all requests that were deduplicated will be an "operation cancelled" error.
This happens every few days for us.
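
A stand-alone reproduction of the behaviour reported above, next to one way to decouple the shared call from any single caller's token. This is an added example, not code from the library or from the reporter: `IntrospectAsync`, `InFlight`, `SharedWithCallerToken`, `SharedDecoupled` and the 5-second timeout are hypothetical stand-ins, and `Task.WaitAsync` assumes .NET 6 or later.

```csharp
using System;
using System.Collections.Concurrent;
using System.Threading;
using System.Threading.Tasks;

static class Demo
{
    static readonly ConcurrentDictionary<string, Lazy<Task<string>>> InFlight = new();

    // Hypothetical stand-in for the HTTP call to the introspection endpoint.
    static async Task<string> IntrospectAsync(string token, CancellationToken ct)
    {
        await Task.Delay(200, ct);
        return "active";
    }

    // Pattern from the issue: the shared task captures the first caller's abort token.
    static Task<string> SharedWithCallerToken(string token, CancellationToken requestAborted) =>
        InFlight.GetOrAdd(token, _ => new Lazy<Task<string>>(
            () => IntrospectAsync(token, requestAborted))).Value;

    // Decoupled: the shared task is bounded by its own timeout (assumed value),
    // and each caller abandons only its own wait when its request is aborted.
    static Task<string> SharedDecoupled(string token, CancellationToken requestAborted) =>
        InFlight.GetOrAdd(token, _ => new Lazy<Task<string>>(async () =>
        {
            using var timeout = new CancellationTokenSource(TimeSpan.FromSeconds(5));
            return await IntrospectAsync(token, timeout.Token);
        })).Value.WaitAsync(requestAborted);

    static async Task<string> Outcome(Task<string> t)
    {
        try { return await t; } catch (OperationCanceledException) { return "cancelled"; }
    }

    static async Task Main()
    {
        foreach (var (name, call) in new (string, Func<string, CancellationToken, Task<string>>)[]
                 { ("caller token", SharedWithCallerToken), ("decoupled", SharedDecoupled) })
        {
            InFlight.Clear();
            using var first = new CancellationTokenSource();   // request that gets aborted
            using var second = new CancellationTokenSource();  // parallel request, same token
            var a = Outcome(call("tok", first.Token));
            var b = Outcome(call("tok", second.Token));
            first.Cancel(); // first client disconnects while the call is in flight
            Console.WriteLine($"{name}: first={await a}, second={await b}");
        }
    }
}
```

With the caller's token inside the shared task, both requests end as cancelled; in the decoupled form only the aborted request does, and the second one still receives the introspection result.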