Kévin Chalet

> In other words, imagine the next situation - I explore web page A for ages so that my cookie expires, then I go to page B, and while the...

Great to hear!

@bkoelman this breaking change was reverted in preview7: https://github.com/dotnet/efcore/issues/31104.

A 401 HTTP response returned by the OpenIddict validation stack typically indicates a missing or invalid token (a permission issue should always result in a 403 response instead) but in...

> I thought it was implicit for the server to validate tokens. I expected to activate and use the "OpenId Token Validation" feature for the "OpenId Client", and not for...

The description has been fixed in https://github.com/OrchardCMS/OrchardCore/pull/15407. Closing.

@sebastienros I don't think it's related: in that issue, you get an incorrect result but no exception is thrown, which is not the case here (also, `JsonWebKeySet` has both a...

> Can we please merge this PR @kevinchalet? Yeah. Once the code style issues listed by @hishamco are fixed, let's merge it 👍🏻

Thanks! I'll leave @hishamco merge this PR in case he'd have some additional feedback 😃

Rebased on top of `main`.