I recently discovered undocumented behaviour change of Token Verification provider (ex
RSATokenVerifier) starting from Keycloak ver. 4.4.0.Final caused by
. In short, TokenVerifier now by default does
not perform check of token expiration. This causes, for example, successful responses for
Userinfo requests even if token is being expired.
Because this change was not documented I consider it as a bug and would like to create an
Any thoughts on this point?